Why are modsecurity rules not installed by default?

Comments

  • DennisMidjord
    My guess is that it could be causing issues with different types of software. We've seen a lot of false positives in PrestaShop and WordPress.
  • Tearabite
    There is the potential for a LOT of issues. Mod_Security requires a lot of care and feeding and customizing to work with your software (WordPress, Drupal, Joomla, etc.) - more than a lot of people want to deal with. But once it's dialed-in, it's worth it.
  • ::Gomez::
    Great! That's what I imagined...
    "There is the potential for a LOT of issues. Mod_Security requires a lot of care and feeding and customizing to work with your software (WordPress, Drupal, Joomla, etc.) - more than a lot of people want to deal with. But once it's dialed-in, it's worth it."

    Also with the modsecurity rule set provided/modified by cPanel? Thanks a lot guys!
  • cPanelMichael
    Hello, Yes, the OWASP ModSecurity Core Rule Set can lead to false positives and may require some additional configuration. We document this at: OWASP ModSecurity CRS - cPanel Knowledge Base - cPanel Documentation. Thank you.
  • ::Gomez::
    Hello, Yes, the OWASP ModSecurity Core Rule Set can lead to false positives and may require some additional configuration. We document this at:
  • quizknows
    ModSecurity, as with any firewall (it is a web app firewall after all), is only as good as its rule set. OWASP is a very in-depth rule set and, as noted well in this thread, requires some customization. This is a caveat of OWASP more than ModSecurity itself. Some rule sets like Comodo require much less pruning. At this point in the industry, there are several amazing providers out there that offer managed/cloud WAF with a much more hands-off experience. Of course, I guess like anything there are trade-offs to open source vs commercial solutions. However, if you are a shared hosting provider, it's very worth looking at companies like Cloudflare, Sucuri, or SiteLock. They see every hack going on across many customers, and it's much more efficient to offload that work to people who have done the research for you and can clean it reliably. I personally recommend a combination of both: modsec by default, and 3rd party layers as an added service option.