Using ModSecurity
-
I've installed mod_security2 and read the cPanel docs:
Overview

The OWASP (Open Web Application Security Project) ModSecurity CRS (Core Rule Set) is a set of rules that Apache's ModSecurity module can use to help protect your server. While these rules do not make your server impervious to attacks, they greatly increase the amount of protection for your web applications.

please read more here:

This feature relies entirely on that service being available

Advantages: This is a one stop shop for all of the databases required for these features. They provide a consistent dataset for blocking and reporting purposes

Disadvantages: MaxMind require a license key to download their databases. This is free of charge, but requires the user to create an account on their website to generate the required key:

WARNING: As of 2019-12-29, MaxMind REQUIRES you to create an account on their site and to generate a license key to use their databases. See:

You MUST set the following to continue using the IP lookup features of csf, otherwise an error will be generated and the features will not work. Alternatively set CC_SRC below to a different provider

MaxMind License Key:
MM_LICENSE_KEY = (Enter your Key here)

2. DB-IP, ipdeny.com, iptoasn.com

Advantages: The ipdeny.com databases for CC blocking are better optimised and so are quicker to process and create fewer iptables entries. All of these databases are free to download without requiring login or key

Disadvantages: Multiple sources mean that any one of the three could interrupt the provision of these features. It may also mean that there are inconsistencies between them

Set the following to your preferred source:
"1" - MaxMind
"2" - db-ip, ipdeny, iptoasn

The default is "2" on new installations of csf, or set to "1" to use the MaxMind databases after obtaining a license key

CC_SRC = (Enter 1 here)

Just further down in the same section you can select CC_ALLOW_FILTER = US; this will allow only US IPs server-wide.

An alternative to CC_ALLOW is to only allow access from the following countries but still filter based on the port and packets rules. All other connections are dropped

CC_ALLOW_FILTER = (enter US here)

hope that helps
Spiro
0 -
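A quick consistency check for the three csf.conf settings quoted in the post above, as an added example that is not part of the thread or of csf itself. The helper names `csf_get` and `csf_cc_lint` are hypothetical, and the sample configuration is constructed.

```sh
#!/bin/sh
# Added example (not csf code): csf_get and csf_cc_lint are hypothetical helpers.

# Print the value of KEY in a csf.conf-style file (KEY = "value"); last match wins.
csf_get() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        {
            eq = index($0, "="); if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            if (k != key) next
            gsub(/^[ \t"]+|[ \t"]+$/, "", v)
            val = v
        }
        END { print val }' "$1"
}

# Check the settings quoted in the post; return 1 if any ERROR is found.
csf_cc_lint() {
    conf=$1; rc=0
    src=$(csf_get "$conf" CC_SRC)
    key=$(csf_get "$conf" MM_LICENSE_KEY)
    allow=$(csf_get "$conf" CC_ALLOW_FILTER)
    case "$src" in
        1)  case "$key" in
                "")    echo "ERROR: CC_SRC=1 (MaxMind) but MM_LICENSE_KEY is empty"; rc=1 ;;
                *" "*) echo "ERROR: MM_LICENSE_KEY still holds placeholder text"; rc=1 ;;
            esac ;;
        2)  ;;
        *)  echo "ERROR: CC_SRC must be 1 or 2, found '$src'"; rc=1 ;;
    esac
    if [ -n "$allow" ]; then
        echo "WARN: CC_ALLOW_FILTER=$allow drops connections from all other countries"
        for cc in $(printf '%s' "$allow" | tr ',' ' '); do
            case "$cc" in
                [A-Za-z][A-Za-z]) ;;
                *) echo "ERROR: '$cc' is not a two-letter country code"; rc=1 ;;
            esac
        done
    fi
    return "$rc"
}

# Constructed sample: MaxMind selected, key left blank, US-only filter.
demo=$(mktemp)
printf '%s\n' 'CC_SRC = "1"' 'MM_LICENSE_KEY = ""' 'CC_ALLOW_FILTER = "US"' > "$demo"
csf_cc_lint "$demo" || echo "csf.conf needs fixing before restarting csf"
rm -f "$demo"
```

Running the check before restarting csf catches a MaxMind source with no key, and a placeholder pasted literally into CC_ALLOW_FILTER.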
I just wanted to add that the blog entry had some specific things for ModSec3, which is still experimental. The OWASP core ruleset is the one that is provided by cPanel and available to be installed with just a click in the interface. Here's what I see on a fresh cPanel installation, so it's completely safe to use:
0 -
In my point of view ModSecurity v3 is stable (ModSecurity - Wikipedia). Actually it's in the experimental repo at cPanel. Does somebody know when it will be released in WHM as standard?
0 -
I don't currently know when or if there are plans to release that into general use. Packages in the experimental repository are always being evaluated to see if it's something we want to include in the official release.
0 -
Any update on libmodsecurity 3 going stable in cPanel?
0 -
At this point, the Apache connector still hasn't been released to a stable version by the ModSecurity team, so it still isn't up to us at this point. More details are here:
https://github.com/SpiderLabs/ModSecurity-apache
with the following note:
"NOTE: This project is not production ready"
0 -
Hi, and this one?
https://github.com/SpiderLabs/ModSecurity-nginx
Thanks
0 -
That project hasn't been updated for over 18 months.
0