Minimal OWASP ModSecurity CRS Settings?
I am using WHM and have installed OWASP ModSecurity CRS but I want to have the most crucial secure protections only that does not (or at least almost never) cause false positives. So what rules do you suggest to have enabled for this?
I was thinking ONLY enabling these:
[LIST]
REQUEST-30-APPLICATION-ATTACK-LFI
REQUEST-31-APPLICATION-ATTACK-RFI
REQUEST-41-APPLICATION-ATTACK-SQLI
REQUEST-49-BLOCKING-EVALUATION
Do you have any suggestions?
-
From what i'm learning, i think it all depends on what packages are running. For instance Joomla would require different rules disabling to WordPress. I was told that most installs would remove around 10 rules, but no one has told me any specific 10. I currently have 960008, 960009, 960015 and 981138 disabled. I'm not even sure if the results i was seeing were false or true, but i was seeing hundreds of results within 2 hours of installing OWASP. 0 -
]From what i'm learning, i think it all depends on what packages are running. For instance Joomla would require different rules disabling to WordPress. I was told that most installs would remove around 10 rules, but no one has told me any specific 10. I currently have 960008, 960009, 960015 and 981138 disabled. I'm not even sure if the results i was seeing were false or true, but i was seeing hundreds of results within 2 hours of installing OWASP.
I am also confused. When I first turned it on (all rules was set to default - ALL on) and I got hundreds of results after 2 min which made me turn it off completely.0 -
]I am using WHM and have installed OWASP ModSecurity CRS but I want to have the most crucial secure protections only that does not (or at least almost never) cause false positives. So what rules do you suggest to have enabled for this?
Hello :) You may find this thread helpful: OWASP - mod security and wordpress There are several posts regarding this rule list and it's usability. Thank you.0 -
cPanelMichael, Thanks for the info. I read that thread and also added a message unfortunately I just noticed alot of people addressing many of the issues like me.... Still I am waiting for an answer to my initial question mentioned in 1st post here. 0 -
]cPanelMichael, Thanks for the info. I read that thread and also added a message unfortunately I just noticed alot of people addressing many of the issues like me....
I have removed your post in the other thread, cross posting only confuses an issue.]Still I am waiting for an answer to my initial question mentioned in 1st post here.
There is no perfect list to suggest, IMHO. All of the Rulesets ideally could be used and the only need being to disable specific rules for your own needs. That thread you were linked to, discusses issues with Wordpress, some rules need to be disabled for it to work properly, for one example.0
Please sign in to leave a comment.
Comments
5 comments