Safe to use OWASP modsec rules with ConfigServer/Atomic rule

These forums are not for questions about ModSecurity, just the cmc script itself
sozotech
Junior Member
Posts: 18
Joined: 22 Oct 2013, 13:15

Safe to use OWASP modsec rules with ConfigServer/Atomic rule

Post by sozotech »

I got the following notification logging into one of my cpanel servers this morning.


OWASP rules for ModSecurity™ More Information
The OWASP ModSecurity CRS is a set of rules for use with the ModSecurity Apache module aimed at protecting your web server from malicious traffic. Through the guidance of OWASP, cPanel is now distributing a curated set of these rules. You can install and manage these rules using the WHM ModSecurity applications. You can read more information about the OWASP ModSecurity CRS, including installation pre-requisites and instructions, in the OWASP ModSecurity™ CRS documentation linked above.

https://documentation.cpanel.net/display/CKB/OWASP+ModSecurity+CRS
Are these rules safe to enable along with the default Atomic rules that ConfigServer has been installing via their cpanel service?

Best regards,
Eric
Pascal
Junior Member
Posts: 2
Joined: 16 Jun 2008, 16:44

Re: Safe to use OWASP modsec rules with ConfigServer/Atomic

Post by Pascal »

I would like to know that as well.

Kind regards

Pascal
ForumAdmin
Moderator
Posts: 1523
Joined: 01 Oct 2008, 09:24

Re: Safe to use OWASP modsec rules with ConfigServer/Atomic

Post by ForumAdmin »

You should remove the lines from /usr/local/apache/conf/modsec2.user.conf and then remove /usr/local/etc/apache/modsec/ then restart apache. You should not run multiple rulesets at the same time.
sozotech
Junior Member
Posts: 18
Joined: 22 Oct 2013, 13:15

Re: Safe to use OWASP modsec rules with ConfigServer/Atomic

Post by sozotech »

Do you have an opinion on which ruleset is better overall?

Thanks,
Eric
ForumAdmin
Moderator
Posts: 1523
Joined: 01 Oct 2008, 09:24

Re: Safe to use OWASP modsec rules with ConfigServer/Atomic

Post by ForumAdmin »

No, they all appear to have their problems and some don't correctly support the cPanel provided methods of integrating them (e.g. the paid for live ASL rules and the Comodo rules) so we do not currently have a recommendation on which to use.
verdonv
Junior Member
Posts: 20
Joined: 18 Nov 2014, 18:54

Re: Safe to use OWASP modsec rules with ConfigServer/Atomic

Post by verdonv »

ForumAdmin wrote: You should remove the lines from /usr/local/apache/conf/modsec2.user.conf and then remove /usr/local/etc/apache/modsec/ then restart apache. You should not run multiple rulesets at the same time.
Do you mean completely empty out the file, or just remove the lines including the asl_ files?

Thks :-)
ForumAdmin
Moderator
Posts: 1523
Joined: 01 Oct 2008, 09:24

Re: Safe to use OWASP modsec rules with ConfigServer/Atomic

Post by ForumAdmin »

Empty it out, unless you use cxs in which case you should leave the cxs rule in there.
verdonv
Junior Member
Posts: 20
Joined: 18 Nov 2014, 18:54

Re: Safe to use OWASP modsec rules with ConfigServer/Atomic

Post by verdonv »

ForumAdmin wrote: Empty it out, unless you use cxs in which case you should leave the cxs rule in there.
Thank You. Yes I do use cxs.
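
The cleanup of modsec2.user.conf described in this thread (empty the file, but keep the cxs rule), as an added shell example that is not part of the thread and not ConfigServer's code. It assumes the cxs rule can be recognised by the string "cxs" in its directive; the sample file names and rule id are constructed placeholders. Removing /usr/local/etc/apache/modsec/ and restarting Apache remain separate manual steps.

```shell
#!/bin/sh
# Added example, not ConfigServer's code. Assumption: the cxs rule can be
# recognised by the string "cxs" somewhere in its directive.

# keep_cxs_only FILE: print only the directives in FILE that mention cxs.
# Physical lines ending in "\" are joined with the next line, so a
# multi-line SecRule is kept or dropped as a whole. Comments are dropped.
keep_cxs_only() {
    awk '
        {
            block = (block == "") ? $0 : block "\n" $0
            if ($0 ~ /\\$/) next                 # directive continues
            if (block !~ /^[ \t]*#/ && tolower(block) ~ /cxs/) print block
            block = ""
        }
    ' "$1"
}

# clean_user_conf FILE: back FILE up to FILE.bak, then rewrite it with only
# the cxs directives. Prints the number of lines left in FILE.
clean_user_conf() {
    cp -p "$1" "$1.bak" || return 1
    keep_cxs_only "$1.bak" > "$1" || return 1
    wc -l < "$1" | tr -d ' '
}

# Constructed sample input (placeholder names, not real rule files).
sample_conf() {
    cat <<'EOF'
# ruleset includes
Include /usr/local/etc/apache/modsec/asl_EXAMPLE_1.conf
Include /usr/local/etc/apache/modsec/asl_EXAMPLE_2.conf
SecRule FILES_TMPNAMES "@inspectFile /etc/cxs/EXAMPLE.sh" \
    "phase:2,deny,id:'999999'"
EOF
}

# Demo on a temporary copy; the real file is never touched here.
tmp=$(mktemp) && sample_conf > "$tmp" && clean_user_conf "$tmp" && cat "$tmp"
rm -f "$tmp" "$tmp.bak"
```

Run `keep_cxs_only` on the real file first to review what would be kept before calling `clean_user_conf` on it.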