Mod_Security & Rules Recommendation
Hello,
I am on a managed VPS. I am alone on my VPS and hosting only my own websites. I sell nothing, so no need for SSL.
My config:
CENTOS 5.10 i686 virtuozzo, 32 bits
WHM 11.40.1
Apache 2.2.26
php 5.3.28
CSF/LFD 6.39, Mod_security enabled via Easy_Apache v3.22.25.
- SSH disabled via WHM, I never use it.
- WHM/Pure FTPD disabled (I re-install it via WHM/FTP Server Selection only when I need it).
- WHM Host Access Control assigned to my home IP only.
- SSH 22 port renamed but removed in CSF Firewall Configuration/Incoming/outgoing TCP ports list
I don't want to upgrade/update my server right now, to keep compatibility with my old scripts. Mod_security is installed with only the basic rules. In fact, these rules stop almost nothing. The elementary transversal path
Hello :) I just wanted to point out that downgrading Apache and PHP should not be an option here. It's not supported, and the older versions of Apache/PHP are scheduled for removal from EasyApache in the near future. You will likely receive some user feedback on the other options you presented here. Thank you.
I don't have the skills to do the job by myself. As a first step, next week, I'll buy ConfigServer's package. I don't much like Atomic's (commercial) move of discontinuing their free rules. As a second step, in the future, I will consider the Comodo rules. I may ask ConfigServer to install the Comodo rules.
The Atomic rules work OK with cPanel/mod_security. As someone already mentioned, another option is Comodo WAF: Comodo Web Application Firewall - Quick Start Guide (http://help.comodo.com/topic-212-1-516-5955-.html)
Yes, you may try Comodo WAF. We have been testing it and it was working fine until the latest release. With the new release we get a lot of seg fault errors. It seems they need to work a bit more to make it mature. Once it is stable, it should be worth using.
You can set a cronjob to rsync rules, extract Atomicorp's rules, replace them and gracefully restart Apache after that. You said you are unfamiliar with SSH (never used it). You can hire someone to do it; it's easy enough. Set it 'n forget it. We have used those rules for years with great results (you can't imagine what I see in logs). I can't say anything about Comodo's rules. I wish somebody would do an audit / penetration test on various platforms and apps and post the results of an ASL vs Comodo comparison, but still nothing :D
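An added example, not from the thread or from any rule vendor: the replace-and-restart step from the comment above, with a configuration test before the graceful restart and a rollback if the new rules do not load. The download step is omitted; `RULES_DIR`, the archive layout (`*.conf` files at the top level) and an Apache `Include` pointing at that directory are assumptions.

```shell
#!/usr/bin/env bash
# Added example: staged ModSecurity rule update with validation and rollback.
# RULES_DIR is an assumed path; Apache is assumed to Include "$RULES_DIR"/*.conf.
RULES_DIR="${RULES_DIR:-/usr/local/apache/conf/modsec_rules}"
CONFIGTEST="${CONFIGTEST:-apachectl configtest}"
RELOAD="${RELOAD:-apachectl graceful}"

# update_rules <tarball>
# Returns 0 = deployed, 1 = archive rejected, 2 = config test failed, rolled back.
update_rules() {
    local tarball="$1" stage backup
    stage="$(mktemp -d "${RULES_DIR}.new.XXXXXX")" || return 1
    backup="${RULES_DIR}.prev"

    # Reject archives with absolute paths or ".." members before extracting.
    if tar -tzf "$tarball" 2>/dev/null | grep -Eq '(^/|(^|/)\.\.(/|$))'; then
        rm -rf "$stage"; return 1
    fi
    tar -xzf "$tarball" -C "$stage" 2>/dev/null || { rm -rf "$stage"; return 1; }
    # An archive with no rule files would silently disable the WAF: refuse it.
    ls "$stage"/*.conf >/dev/null 2>&1 || { rm -rf "$stage"; return 1; }

    # Swap directories, keeping the previous rule set for rollback.
    rm -rf "$backup"
    [ -d "$RULES_DIR" ] && mv "$RULES_DIR" "$backup"
    mv "$stage" "$RULES_DIR"

    # Commands are left unquoted on purpose so "apachectl configtest" splits.
    if $CONFIGTEST >/dev/null 2>&1; then
        $RELOAD >/dev/null 2>&1
        return 0
    fi

    # A rule set Apache cannot parse would stop it on restart: restore the old one.
    rm -rf "$RULES_DIR"
    [ -d "$backup" ] && mv "$backup" "$RULES_DIR"
    return 2
}

# Cron usage: this-script /path/to/downloaded-rules.tar.gz
if [ "$#" -gt 0 ]; then
    update_rules "$1"
fi
```

A non-zero exit from cron is the signal to look at the rule archive before the next run; the running Apache keeps the previous rules in both failure cases.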
No need to buy the rules. I'd support these guys (Comodo), and encourage them to keep the rules updated.