New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Do you use mod_security?
raindog308
Administrator, Veteran
Playing with mod_security for cPanel-based hosting. At the moment I'm thinking of setting up the Atomic free rules.
Do you use mod_security? If so which rules set?
BTW, I know you super-l33t types will say "pffft, I write my own rules!" Very well but I personally am not familiar with every open source software product in existence :-)
Comments
Didn't know there were rules other than the OWASP ones.
I might try this! Mod_Security seems like a good idea for most web servers.
Most guys don't even set open_basedir or disable a few PHP verbs, so I guess you won't get many answers. Unless there's an easy-to-click web panel with an option l33t-anyhacker-setting already installed on their VPS.
I used to use Mod_Security on my shared servers, but it caused more problems than it's worth. I just use CSF (Config Server Firewall), and it's great.
Nginx?
cpanel
You can run cPanel & Nginx
I also noticed some minor issues even with the default rules setup. As an example, it blocked (made unclickable) jQuery menus in my Drupal installations, then blacklisted its own (server) IP because of the Drupal cron feature, etc. It can really be a mess in a shared hosting environment.
The most logical solution would be simply to remove those few lines in the ruleset. However, until I find time to install and fix the new potential mess with some better ruleset like OWASP, and since I don't have any third-party users, I simply whitelisted my own and the server's IPs to temporarily eliminate the issues above without disabling or removing any rules.
The most logical solution would be simply to remove those few lines in the ruleset. However, until I find time to install some better ruleset like OWASP, and since I don't have any third-party users, I simply whitelisted my own and the server's IPs to temporarily eliminate the issues above without disabling or removing any rules.
It kept blocking the server's IPs and it got to the point it blocked my /27 and put my server in a loop; server load went to 500, then it crashed. I have had so many issues with mod_security I just removed it. CSF replaced it, and is much better.
But CSF and mod_security are completely different tools.
I like/use CSF as well, but mod_security is app-level filtering which CSF doesn't do.
raindog308 true that.
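Ouch. But at least those IP blocks could be prevented with simple whitelist entries in the mod_security configuration.
Example:
# Match the /27 with @ipMatch (the default regex operator never sees a "/27" suffix in REMOTE_ADDR); the id is an example value, required by ModSecurity 2.7+.
SecRule REMOTE_ADDR "@ipMatch 127.52.153.192/27" "id:1000001,phase:1,nolog,allow,ctl:ruleEngine=off"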
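
The two fixes discussed in the thread (whitelisting the server's own address, and removing only the rules that misfire) can both be scoped more tightly than a blanket IP allow. The following is an added example, not a configuration posted by anyone in the thread; it assumes ModSecurity 2.7 or later, and the address 192.0.2.10, the paths /cron.php and /admin/menu-callback, the local rule ids and the removed rule id 999999 are all placeholders.

```apache
# Constructed values throughout: 192.0.2.10 stands for the server's own
# address, and rule id 999999 stands for whichever rule the audit log shows
# firing on legitimate traffic. None of them come from the thread.

# While tuning a new rule set, run it with "SecRuleEngine DetectionOnly" first
# so matches are logged but nothing is blocked; switch to On once the audit
# log is quiet for legitimate traffic.
SecRuleEngine On

# Broad form, as posted in the thread: every request from the address
# skips every rule.
# SecRule REMOTE_ADDR "@ipMatch 192.0.2.10" \
#     "id:1000001,phase:1,nolog,allow,ctl:ruleEngine=Off"

# Narrower form: only the server's own request to the cron script is exempt
# from blocking, and it is still inspected and logged (DetectionOnly, not Off).
# In a chain, the ctl action sits on the last rule so it only runs when both
# conditions match.
SecRule REMOTE_ADDR "@ipMatch 192.0.2.10" \
    "id:1000010,phase:1,pass,nolog,chain"
    SecRule REQUEST_FILENAME "@streq /cron.php" \
        "ctl:ruleEngine=DetectionOnly"

# False positive on one page (for example a menu callback): remove only the
# offending rule, only for that path, so the rest of the rule set still
# applies to every client. Load this after the rule set's Include line.
<LocationMatch "^/admin/menu-callback">
    SecRuleRemoveById 999999
</LocationMatch>
```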