The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Will cpanel be upgrade mod_security soon? Where to get rules?

Discussion in 'Security' started by BianchiDude, Mar 3, 2012.

  1. BianchiDude

    BianchiDude Well-Known Member
    PartnerNOC

    Joined:
    Jul 2, 2005
    Messages:
    619
    Likes Received:
    0
    Trophy Points:
    16
    Will cpanel be upgrade mod_security soon?

    Where is the best place to get rules for the current 1.9.5 version they use.
     
  2. mtindor

    mtindor Well-Known Member

    Joined:
    Sep 14, 2004
    Messages:
    1,281
    Likes Received:
    37
    Trophy Points:
    48
    Location:
    inside a catfish
    cPanel Access Level:
    Root Administrator
    If you're running cPanel and modsec 1.9.5, you must be using Apache 1.3.x. At any rate, Welcome : Got Root is a good place for them.

    Look under the section called All in one downloads for modsec 1.9 .

    If you're running Apache 2.2.x and you run EasyApache, it's going to install modsec 2.6.3. I don't know what version of modsecurity is compiled in with Apache 2.0.x.

    At any rate, you should be able to find what you want at gotroot.com. i don't know if they still maintain the 1.9 rules though -- probably not. But they'd be more recent than what I used to use.

    Mike
     
  3. BianchiDude

    BianchiDude Well-Known Member
    PartnerNOC

    Joined:
    Jul 2, 2005
    Messages:
    619
    Likes Received:
    0
    Trophy Points:
    16
  4. mtindor

    mtindor Well-Known Member

    Joined:
    Sep 14, 2004
    Messages:
    1,281
    Likes Received:
    37
    Trophy Points:
    48
    Location:
    inside a catfish
    cPanel Access Level:
    Root Administrator
    AtomiCorp - Atomic Security. You can get the free delayed rules there for 2.2. If you recompiled your Apache in the last few weeks, you probably are using modsecurity 2.6.3. That's what is in the latest EasyApache. I'm sure there is an easy way to tell which version you are using, but you could tail -f /usr/local/apache/logs/error_log and do a /scripts/restartsrv_apache and see what version of ModSecurity is reported.

    You can also do "grep 'modsecurity\.org' /usr/local/apache/logs/error_log " and the last line that comes up would be the latest modsecurity version that you are using, if it's actually set to load.

    Mike
     
Loading...

Share This Page