Will cpanel be upgrade mod_security soon? Where to get rules?

BianchiDude

Well-Known Member
PartnerNOC
Jul 2, 2005
617
0
166
Will cpanel be upgrade mod_security soon?

Where is the best place to get rules for the current 1.9.5 version they use.
 

mtindor

Well-Known Member
Sep 14, 2004
1,497
130
193
inside a catfish
cPanel Access Level
Root Administrator
If you're running cPanel and modsec 1.9.5, you must be using Apache 1.3.x. At any rate, Welcome : Got Root is a good place for them.

Look under the section called All in one downloads for modsec 1.9 .

If you're running Apache 2.2.x and you run EasyApache, it's going to install modsec 2.6.3. I don't know what version of modsecurity is compiled in with Apache 2.0.x.

At any rate, you should be able to find what you want at gotroot.com. i don't know if they still maintain the 1.9 rules though -- probably not. But they'd be more recent than what I used to use.

Mike
 

mtindor

Well-Known Member
Sep 14, 2004
1,497
130
193
inside a catfish
cPanel Access Level
Root Administrator
AtomiCorp - Atomic Security. You can get the free delayed rules there for 2.2. If you recompiled your Apache in the last few weeks, you probably are using modsecurity 2.6.3. That's what is in the latest EasyApache. I'm sure there is an easy way to tell which version you are using, but you could tail -f /usr/local/apache/logs/error_log and do a /scripts/restartsrv_apache and see what version of ModSecurity is reported.

You can also do "grep 'modsecurity\.org' /usr/local/apache/logs/error_log " and the last line that comes up would be the latest modsecurity version that you are using, if it's actually set to load.

Mike