How to verify the authenticity of POST, PUT, and DELETE requests
Hello,
A webmaster said: "We use SQL injection filters and verify the authenticity of POST, PUT, and DELETE requests to prevent CSRF attacks."
I assume they are using something like Apache Mod_Security to filter out injection attempts, but I would like to ask what you advise installing in WHM to "verify the authenticity of POST, PUT, and DELETE requests". Can I make some modification on the server so all cPanels are protected against that?
Hello, Mod_Security is the best application you can use to monitor request methods and block when certain rule criteria are met. Were you seeking out an application other than Mod_Security, or for a different purpose? Thank you.
Thx, so this mentioned request authenticity verification is done by Mod Security rules. Please, can anyone link to some detailed info on rules which can ensure this verification of authenticity?
Typically, users choose to use an existing rule set from a vendor such as OWASP. You can browse to "WHM Home » Security Center » Manage Vendors" to enable a vendor such as OWASP (note that it's currently the only one available by default). Thank you.
Thx, but I don't recommend OWASP on production hosting servers with hundreds of websites. I tried to enable it from WHM and several content management system functions stopped working thanks to it. I don't remember which functions and which rules I disabled, but it was more than 3, and then I resigned and disabled the whole OWASP. You will find there or on Google that OWASP means issues.
You are welcome to try using a different ruleset if the OWASP rules are not suitable for your server. Feel free to update us with the outcome. Thank you.
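
An added illustration, not from any poster in this thread and not cPanel or ModSecurity code: one common way a web application "verifies the authenticity" of POST, PUT and DELETE requests is to require a secret token bound to the user's session and to compare the `Origin` header against the site's own origin. The key, the `X-CSRF-Token` header name, the session IDs and the origin used below are constructed for the example.

```python
import hashlib
import hmac
import secrets

# Methods that change state and therefore need proof the request came from our own pages.
STATE_CHANGING = {"POST", "PUT", "DELETE"}

# Per-deployment secret; generated here for the example, normally loaded from configuration.
SERVER_KEY = secrets.token_bytes(32)


def issue_token(session_id: str) -> str:
    """Derive the anti-CSRF token for a session.

    The site embeds this value in its own forms or sends it in a custom header.
    A page on another origin cannot read it, so it cannot forge a valid request.
    """
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def request_allowed(method: str, session_id: str, headers: dict, expected_origin: str) -> bool:
    """Return True if the request may proceed to the application logic."""
    if method.upper() not in STATE_CHANGING:
        return True  # safe methods must not change state, so no token is required

    # If the browser sent an Origin header, it has to be our own origin.
    origin = headers.get("Origin")
    if origin is not None and origin != expected_origin:
        return False

    # The token must match the one issued for this session (constant-time compare).
    supplied = headers.get("X-CSRF-Token", "")
    expected = issue_token(session_id)
    return hmac.compare_digest(supplied.encode(), expected.encode())
```
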