The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Updating Mod Security Rules

Discussion in 'Security' started by nitaish, May 1, 2009.

  1. nitaish

    nitaish Well-Known Member
    PartnerNOC

    Joined:
    Jan 6, 2006
    Messages:
    123
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Mulund, India, India
    How do I auto update or manually update mod_security rules on a server running Cpanel/WHM? Also, let me know how can I upgrade Mod Security on the server to the latest release.
     
  2. Kent Brockman

    Kent Brockman Well-Known Member

    Joined:
    Jan 20, 2008
    Messages:
    1,130
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Buenos Aires, Argentina
    cPanel Access Level:
    Root Administrator
    Twitter:
    Mod_security is updated when you recompile Apache with EasyApache. I don't know if you can actually update this plugin without recompile the apache server.

    And respecting the rules, you can google for "mod_security rules" or search within this forum. Webhostingtalk has a good collection of mod_sec rules cPanel friendly. ALSO, you must confirm that you are using a set of rules compatible with your mod_security install, since they're available for mod_sec 1.x and 2.x and you'll see they are slightly different.

    AFAIK, there is no automated method to upgrade mod_sec rules since they must be selected based on your server and security needs. So, it's up to you to understand each and every rule, read the tutorials in the official website, and do the better choices to protect your server without having trapped false positives.
    Regards!

    More links:

    ADDED: this is self explanatory


    ;)
     
    #2 Kent Brockman, May 1, 2009
    Last edited: May 1, 2009
  3. PlatinumServerM

    PlatinumServerM Well-Known Member
    PartnerNOC

    Joined:
    Jul 10, 2005
    Messages:
    397
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    New Jersey, USA
    cPanel Access Level:
    Root Administrator
    The most important part of modsecurity is the ruleset itself. You can choose which one that fits you best based on your requirements (ie, how strict you want them to be). The bigger the ruleset, the more strict it will be, and you will probably see more problems with it blocking legit scripts.
     
Loading...

Share This Page