I would like to use a good set of rules I you don't want your server to be fully protected by mod_security, continue using the simple ones that comes standard from cPanel.
I just don't know how to approach the big thing because if I put all the rules and I don't know what they do, it's not good.
I would be sure rules don't block some research bots or block some real scripts.
When I download the package of OWASP, I find lot of file conf.
In CMC interface, I see "Edit files containing ModSecurity configuration settings in /usr/local/apache/conf/"
If I put the files, I will be able to edit them via CMC?
Where can I add all these files?
Here: /usr/local/apache/conf/ ?
If I use a server cpanel, the place to put those files is somewhere else or the same?
AND do I need to install other things than those files if I use CMC?