The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Where are the ModSecurity default rules?

Discussion in 'Security' started by Silent Ninja, Jan 7, 2015.

  1. Silent Ninja

    Silent Ninja Well-Known Member

    Joined:
    Apr 18, 2006
    Messages:
    198
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Buenos Aires, Argentina
    I remember an option on WHM for ModSecurity where you can set the Default Configuration and view/edit the global rules.

    I haven't found that feature and now I see Configuration and Tools options but none of them show the rules and the logs show nothing is being blocked.

    Could you explain how I can modify the rules?

    I'm interested in testing the Atomic ModSec Ruleset (Atomic ModSecurity Rules - Atomicorp Wiki), but at least the default rules should be available by default as they used to.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    654
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  3. Silent Ninja

    Silent Ninja Well-Known Member

    Joined:
    Apr 18, 2006
    Messages:
    198
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Buenos Aires, Argentina
    Ok, it's nice to know that you no longer provide the Default Configuration but... there's no place left to put mine in, there used to be a textarea I could use to fill with some custom rules, or at least see them if they were manually installed thru some other service.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    654
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  5. Gene Steinberg

    Gene Steinberg Well-Known Member

    Joined:
    May 26, 2007
    Messages:
    157
    Likes Received:
    1
    Trophy Points:
    18
    Quick note. The OWASP ruleset slows down my sites by about a second each. This confirmed via your support people in a service ticket. COMODO ruleset is much better. No noticeable speed heat, but it does flag an error on some of my sites (mostly WordPress and XenForo).

    If someone can suggest another ruleset that is as simple as COMODO to integrate, and works well, please let me know.

    Peace,
    Gene
     
  6. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    940
    Likes Received:
    55
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    I'd recommend keeping COMODO and just whitelisting the few rule IDs that are causing you issues. Literally any modsec rule set is going to have some false positives you'll have to work through / customize.
     
  7. Gene Steinberg

    Gene Steinberg Well-Known Member

    Joined:
    May 26, 2007
    Messages:
    157
    Likes Received:
    1
    Trophy Points:
    18
    I had to contact support to do that. It's not at all clear how a specific rule applies to a specific problem.

    Peace,
    Gene
     
  8. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    940
    Likes Received:
    55
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    Usually the error_log is enough info, otherwise the audit log has tons of info but can be hard to read.

    If you know the IP that you're browsing behind, it's easy to check that in the error_log for any ModSecurity hits. Regardless, if you're not comfortable troubleshooting it, any good support rep should be able to get you taken care of :)
     
  9. Gene Steinberg

    Gene Steinberg Well-Known Member

    Joined:
    May 26, 2007
    Messages:
    157
    Likes Received:
    1
    Trophy Points:
    18
    The tech suggested I add something to a conf file that appears to have stopped extraneous messages or other behavior.

    Peace,
    Gene
     
Loading...

Share This Page