GoWilkes

I've installed mod_security2 and read the cPanel docs:


but I have a few other questions.

1. Should I install OWASP? What does it do?

2. I see under "Configuration" that I can provide a link to a MaxMind database under SecGeoLookupDb. What, exactly, does this do? I would LOVE to be able to block non-US IPs for specific domains instead of using CSF to do it server-wide!
 

Spirogg

Overview
The OWASP (Open Web Application Security Project) ModSecurity CRS (Core Rule Set) is a set of rules that Apache’s ModSecurity® module can use to help protect your server. While these rules do not make your server impervious to attacks, they greatly increase the amount of protection for your web applications.

please read more here:

MaxMind is also available in CSF; you need to follow the link in CSF to sign up for a free account, add the API code, and change the CSF section to 1 to activate MaxMind. It is an IP database. It's pretty good as far as I can tell, because I have been using it as well in CSF to block countries by country code. Example: CN.RU.VN (China, Russia, Vietnam).
There is an option as well to only allow US and not have to add all the above country codes in CSF; see below:

I believe the difference will be that CSF protects the back layer of your server and ModSecurity OWASP protects your websites' frontend layer from other attacks.
But CSF is a huge plus in my opinion when blocking IPs with MaxMind for the server.

If you go to your CSF:

Firewall Configuration
Select from the drop-down: Country Code Lists and Settings
MaxMind settings and info:

1. MaxMind

MaxMind GeoLite2 Country/City and ASN databases at:
This feature relies entirely on that service being available

Advantages: This is a one stop shop for all of the databases required for
these features. They provide a consistent dataset for blocking and reporting
purposes

Disadvantages: MaxMind require a license key to download their databases.
This is free of charge, but requires the user to create an account on their
website to generate the required key:

WARNING: As of 2019-12-29, MaxMind REQUIRES you to create an account on their
site and to generate a license key to use their databases. See:

You MUST set the following to continue using the IP lookup features of csf,
otherwise an error will be generated and the features will not work.
Alternatively set CC_SRC below to a different provider

MaxMind License Key:
MM_LICENSE_KEY = (Enter your Key here)


2. DB-IP, ipdeny.com, iptoasn.com

Advantages: The ipdeny.com databases form CC blocking are better optimised
and so are quicker to process and create fewer iptables entries. All of these
databases are free to download without requiring login or key

Disadvantages: Multiple sources mean that any one of the three could
interrupt the provision of these features. It may also mean that there are
inconsistences between them


Set the following to your preferred source:

"1" - MaxMind
"2" - db-ip, ipdeny, iptoasn

The default is "2" on new installations of csf, or set to "1" to use the
MaxMind databases after obtaining a license key
CC_SRC = (Enter 1 here)


Just further down in the same section you can select CC_ALLOW_FILTER = US.
This will allow only US IPs to your server, server-wide.


An alternative to CC_ALLOW is to only allow access from the following
countries but still filter based on the port and packets rules. All other
connections are dropped
CC_ALLOW_FILTER = (enter US here)


Hope that helps,
Spiro
 

cPRex

I just wanted to add that the blog entry had some specific things for ModSec3, which is still experimental. The OWASP core ruleset is the one that is provided by cPanel and available to be installed with just a click in the interface. Here's what I see on a fresh cPanel installation, so it's completely safe to use:

Screen Shot 2022-03-31 at 12.10.01 PM.png
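For the per-domain part of question 2, this is how SecGeoLookupDb is typically used from ModSecurity rules to restrict one domain by country. It is an added example, not posted by anyone in the thread and not cPanel's own configuration; the database path, the rule ids and the placement in a per-domain Apache include are assumptions.

```apache
# Added example; the database path, rule ids and messages are placeholders.
#
# Server-wide ModSecurity configuration (the SecGeoLookupDb field under
# "Configuration"): tells ModSecurity which GeoIP database @geoLookup reads.
# mod_security2 parses MaxMind's legacy GeoIP (.dat) format, so confirm the
# file you point it at is in a format your build can read.
SecGeoLookupDb /path/to/GeoIP-country.dat

# The rules below belong in the Apache configuration of the ONE domain to
# restrict (its VirtualHost, or a per-domain include), not in the global
# rule set, so every other domain on the server is unaffected.

# Block clients whose address resolves to a country other than US.
# @geoLookup fills the GEO collection and only "matches" when the lookup
# succeeds; the chained rule then compares the country code.
SecRule REMOTE_ADDR "@geoLookup" \
    "id:10001,phase:1,deny,status:403,log,\
    msg:'Non-US client blocked for this domain',\
    logdata:'country=%{GEO.COUNTRY_CODE}',chain"
    SecRule GEO:COUNTRY_CODE "!@streq US"

# Addresses missing from the database (private ranges, new allocations)
# never reach the chained test above, so they are allowed through.
# This rule only logs them (pass); switch "pass" to "deny,status:403"
# if unknown addresses should be refused as well.
SecRule &GEO:COUNTRY_CODE "@eq 0" \
    "id:10002,phase:1,pass,log,\
    msg:'GeoIP lookup returned no country for client address'"

# REMOTE_ADDR is the peer that connected to Apache. Behind a CDN or
# reverse proxy that is the proxy's address, so the country test is only
# meaningful once Apache restores the real client IP (e.g. mod_remoteip).
```

Unlike CC_ALLOW_FILTER in CSF, which drops packets for the whole server, these rules only affect HTTP requests to the domain whose configuration includes them, and each block appears in the ModSecurity audit log with the country code.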