The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Who writes and maintains the default WHM mod_sec rules?

Discussion in 'General Discussion' started by Kaydiddle, Feb 28, 2009.

  1. Kaydiddle

    Kaydiddle Member

    Joined:
    Feb 14, 2009
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    I did search through these forums and I know where to find rules and documentation to make my own rule set; however, in the mean time, I would like to know if these WHM default rules are modsecurity.org's core rules or rules completely put together by cpanel?
    Do the default rules change when you update from modsecurity 1.x to 2.x in easapache, so that the rules are still compatible? Are they updated any other time?
     
  2. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Joined:
    Apr 7, 2006
    Messages:
    4,458
    Likes Received:
    22
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    We use a subset of the rules that are provided by the mod_security team. The subset is/was selected by testing the default rules provided against the procuct ( cPanel ) as well as some of the third party software provided ( e.g. wordpress ). Rules that cause a problem are dropped. Only rules that do not cause an issue are provided by our installation of mod_security.

    I believe the rule definition changed between mod_security 1 and 2, but the end result should be the same.

    The rules are only updated when updating mod_security.

    There is support in place for providing your own rules, which are generally preserved across mod_security updates ( a warning might be issued when changing major versions ). These of course are updated whenever you opt to change them.
     
  3. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,451
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
Loading...
Similar Threads - writes maintains default
  1. Marani
    Replies:
    2
    Views:
    152

Share This Page