Updating to OWASP v.3.1 question

ronaldst

• February 12, 2019 03:57

I noticed that WHM still uses OWASP v.3.0. Is there any plans to update to the new version? Have anyone done this manually, and would that be a viable option while waiting for an official upgrade from cPanel?

• 

  fuzzylogic

  • February 12, 2019 11:02

  I made a post on how to do this manually. It can be found here... It contains a link to the cPanel Documentation on how to create a Modsecurity Vendor. I find it worthwhile to do this. After it is set up you can turn off Ruleset Updates for it so there is very little maintenance involved.

  0
• 

  cPanelLauren

  • February 15, 2019 14:05

  Hi @ronaldst I also wanted to point out that there's the following feature request for this as well Update ModSecurity Vendor OWASP to OWASP ModSecurity Core Rule Set (CRS) 3.1 I'd encourage you both to vote on this!

  0

Please sign in to leave a comment.