Will cpanel be upgrade mod_security soon? Where to get rules?

If you're running cPanel and modsec 1.9.5, you must be using Apache 1.3.x. At any rate, Welcome : Got Root is a good place for them.

Look under the section called All in one downloads for modsec 1.9 .

If you're running Apache 2.2.x and you run EasyApache, it's going to install modsec 2.6.3. I don't know what version of modsecurity is compiled in with Apache 2.0.x.

At any rate, you should be able to find what you want at gotroot.com. i don't know if they still maintain the 1.9 rules though -- probably not. But they'd be more recent than what I used to use.

Mike

 

AtomiCorp - Atomic Security. You can get the free delayed rules there for 2.2. If you recompiled your Apache in the last few weeks, you probably are using modsecurity 2.6.3. That's what is in the latest EasyApache. I'm sure there is an easy way to tell which version you are using, but you could tail -f /usr/local/apache/logs/error_log and do a /scripts/restartsrv_apache and see what version of ModSecurity is reported.

You can also do "grep 'modsecurity\.org' /usr/local/apache/logs/error_log " and the last line that comes up would be the latest modsecurity version that you are using, if it's actually set to load.

Mike