"OWASP ModSecurity Core Rule Set" -> VS -< "Comodo WAF"?

Hi,

I have a question for the people offering shared hosting: what mod security vendor do you use and why?

Poll: What vendor? (20 votes)

  1. OWASP ModSecurity Core Rule Set: 20.00%
  2. Comodo WAF: 80.00%

Comments

  • Comodo is a big organization?

  • Clouvider Member, Patron Provider

    AtomiCorp is good.

  • jarjar Patron Provider, Top Host, Veteran
    edited April 2015

    Neither. You should selectively choose the mod_security rules you want and implement them. Relying blindly on large rule sets will cause problems with your client's applications and increase support requests, while likely not even protecting against tomorrow's latest threat to your client's CMS installations.

    I write my mod_sec rules not because I can (it's not fun), but because I have to. It's the only way to know what I'm blocking and know for sure that I'm addressing threats correctly.

    Thanked by 2: coolice, AndreiGhesi
  • I also run custom-selected rules based on long years ... Anyway, on some servers for a client I run Comodo rules; there are fewer false positives than OWASP.

  • Kris Member

    Jar said: I write my mod_sec rules not because I can (it's not fun), but because I have to. It's the only way to know what I'm blocking and know for sure that I'm addressing threats correctly.

    Same, since 2005.

    Mod Security wasn't even an option in Easy Apache (cPanel) at the time. I created a lot of rules simply by tailing and analyzing error logs on my honeypot WordPress / CMS sites.

    My rules ended up pretty popular due to some nasty Fantastico exploits, and others alike, blocked easily with some string matches. It became the quasi-official ruleset for a while during Apache 1.x until 2.x rolled around, when things had to be completely re-written. Good times.

    Pretty funny, I just had to re-edit my post 5 times since I mentioned one of my most popular yet easy rule string matches, wget (followed by a space) - CloudFlare would not even save the draft of the post :)

    Thanked by 2: jar, JahAGR
  • Kris said: Kris

    Do you have a website or something?

  • Kris Member

    @Profforg said:
    Do you have a website or something?

    Nope. I started working with Mod Security in 2003 when working for HostDime, and got very good at it having so many shared servers to watch new threats emerge.

    Just tailing the error_logs, looking for patterns is how things started. Then protecting the server (and other clients) from the user became key, as people would sign up for instant activation then upload an arsenal of rootkits. Unfortunately php disable functions could only be used conservatively with the burst of every single Gallery, Forum, other CMS in the early 2000's. Mod_Security could block threats without disabling your favorite PHP program.

    I kept working on it when I had my own hosting company, and would distribute it freely. Was actually approached by the cPanel devs who asked to link to it as an example ruleset in a security presentation at a Web Hosting convention. A lot of people also got it directly from cPanel forums when I had found an exploit / rootkit going around.
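
Added example, not part of any post in this thread: the log review described above (tailing error logs for patterns, and knowing which rules actually block what) sketched as a small parser that groups ModSecurity hits by rule id and flags rules that block several unrelated clients on several sites. It assumes the ModSecurity 2.x Apache error_log tag layout (`[id "..."] [msg "..."] [hostname "..."] [uri "..."]`); the function names, thresholds, rule ids, paths, hosts and addresses are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the ModSecurity 2.x / Apache error_log style.
# Rule ids, paths, hosts and addresses are made up for this example.
SAMPLE_LOG = """\
[Tue Apr 07 10:01:02 2015] [error] [client 203.0.113.5] ModSecurity: Access denied with code 403 (phase 2). Pattern match "select" at ARGS:content. [file "/etc/modsec/vendor.conf"] [line "77"] [id "900001"] [msg "Generic SQL keyword"] [hostname "shop.example"] [uri "/wp-admin/post.php"] [unique_id "a1"]
[Tue Apr 07 10:03:40 2015] [error] [client 198.51.100.7] ModSecurity: Access denied with code 403 (phase 2). Pattern match "select" at ARGS:content. [file "/etc/modsec/vendor.conf"] [line "77"] [id "900001"] [msg "Generic SQL keyword"] [hostname "blog.example"] [uri "/wp-admin/post.php"] [unique_id "a2"]
[Tue Apr 07 10:04:11 2015] [error] [client 192.0.2.9] ModSecurity: Access denied with code 403 (phase 2). Pattern match "select" at ARGS:message. [file "/etc/modsec/vendor.conf"] [line "77"] [id "900001"] [msg "Generic SQL keyword"] [hostname "forum.example"] [uri "/posting.php"] [unique_id "a3"]
[Tue Apr 07 10:05:00 2015] [error] [client 192.0.2.9] File does not exist: /home/site/public_html/favicon.ico
[Tue Apr 07 10:06:30 2015] [error] [client 203.0.113.66] ModSecurity: Access denied with code 403 (phase 2). Pattern match "wget " at ARGS:cmd. [file "/etc/modsec/custom.conf"] [line "12"] [id "900002"] [msg "wget in request argument"] [hostname "shop.example"] [uri "/index.php"] [unique_id "a4"]
[Tue Apr 07 10:06:31 2015] [error] [client 203.0.113.66] ModSecurity: Access denied with code 403 (phase 2). Pattern match "wget " at ARGS:cmd. [file "/etc/modsec/custom.conf"] [line "12"] [id "900002"] [msg "wget in request argument"] [hostname "shop.example"] [uri "/gallery.php"] [unique_id "a5"]
"""

TAG_RE = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')   # [id "..."] [msg "..."] ...
CLIENT_RE = re.compile(r'\[client ([^\]\s]+)\]')

def parse_line(line):
    """Return the fields of one ModSecurity log entry, or None for other lines."""
    if "ModSecurity:" not in line:
        return None
    tags = dict(TAG_RE.findall(line))
    if "id" not in tags:
        return None
    client = CLIENT_RE.search(line)
    return {"id": tags["id"], "msg": tags.get("msg", ""),
            "host": tags.get("hostname", "?"), "uri": tags.get("uri", "?"),
            "client": client.group(1) if client else "?"}

def summarize(lines):
    """Group hits by rule id: hit count, distinct sites, distinct clients."""
    rules = defaultdict(lambda: {"hits": 0, "hosts": set(), "clients": set(), "msg": ""})
    for hit in filter(None, map(parse_line, lines)):
        rule = rules[hit["id"]]
        rule["hits"] += 1
        rule["hosts"].add(hit["host"])
        rule["clients"].add(hit["client"])
        rule["msg"] = hit["msg"]
    return rules

def review_first(rules, min_hosts=2, min_clients=2):
    """Heuristic (an assumption of this example): a rule blocking several
    unrelated clients on several sites is a false-positive candidate."""
    return sorted(rid for rid, r in rules.items()
                  if len(r["hosts"]) >= min_hosts and len(r["clients"]) >= min_clients)

if __name__ == "__main__":
    rules = summarize(SAMPLE_LOG.splitlines())
    for rid in review_first(rules):
        print(rid, rules[rid]["msg"], rules[rid]["hits"], sorted(rules[rid]["hosts"]))
```

A rule that only fires for one client on one site, like the constructed 900002 here, is not flagged; the flagged ids are a starting list for manual review, not a verdict.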
