Re: Red Hat mod_security Rules to Mitigate Shellshock
What is the status of the mod_security rules made by cpanel project? There was a survey lightsyears ago about subscription and willingness to pay.
These rule could be offered by cpanel directly like the default setup provided with the mod_securitly module.
The overhaul of the gui which will be available with the next release is a nice improvement. But the rules itself could get an improvement. The id enumeration alone would be good thing.
-
Note: I moved your request into its own thread. The project to provide an improved mod_security is underway. In 11.46 you'll see the first outcome, which are significantly improved tools for managing the rules you currently have. The team is currently working on providing the OWASP mod_security rules to all cPanel & WHM servers. You can follow the status of the project in these feature requests: [list] - [url=http://features.cpanel.net/responses/mod-security-logs-in-cpanel]Mod security logs in cPanel | cPanel Feature Requests
- [url=http://features.cpanel.net/responses/mod-sec-rules]mod_sec rules | cPanel Feature Requests We see the work with OWASP as a possible stepping stone to offering commercial rule sets.
0 -
Thanks for the update, Kenneth. 0
Please sign in to leave a comment.
Comments
2 comments