Why are modsecurity rules not installed by default?

::Gomez::

Member
Oct 13, 2003
22
3
153
Argentina
cPanel Access Level
Root Administrator
Twitter
Hey! how are you guys! I was just wondering if there is any specific reason why ModSecurity rules comes uninstalled on all cpanel servers... did you have any kind of issue after enabling it? wordpress/joomla are fully compatible? its a must to have it enabled/installed or there is no big difference in regards to security ?


THanks!
 

::Gomez::

Member
Oct 13, 2003
22
3
153
Argentina
cPanel Access Level
Root Administrator
Twitter
Great! that´s what I imagined...

There is the potential for a LOT of issues. Mod_Security requires a lot of care and feeding and customizing to work with your software (Wordpress, Drupal, Joomla, etc) - more than a lot of people want to deal with.. But once it's dialed-in, it's worth it.
Also with the modsecurity rule set provided/modified by cPanel ?


THanks a lot guys!
 

::Gomez::

Member
Oct 13, 2003
22
3
153
Argentina
cPanel Access Level
Root Administrator
Twitter
  • Like
Reactions: quizknows

quizknows

Well-Known Member
Oct 20, 2009
1,008
86
78
cPanel Access Level
DataCenter Provider
ModSecurity, as with any Firewall (it is a web app firewall after all) is only as good as its rule set.

Owasp is a very in depth rule set, and as noted well in this thread, requires some customization. This is a caveat of OWASP more than ModSecurity itself. Some rule sets like Comodo require much less pruning.

At this point in the industry, there are several amazing providers out there that offer managed/cloud WAF with a much more hands off experience. Of course I guess like anything there are trade offs to open source vs commercial solutions. However if you are a shared hosting provider, it's very worth looking at companies like cloudflare, sucuri, or sitelock. They see every hack going on across many customers, and it's much more efficient to offload that work to people who have done the research for you and can clean it reliably.

I personally recommend a combination of both, modsec by default, and 3rd party layers as an added service option.
 
  • Like
Reactions: cPanelMichael