Skip to main content

ConfigServer ModSecControl Questions

Comments

8 comments

  • Marlon Owen Cruz
    Now, concerning CMC features. I'd like to take note of the following. -CMC allows global or domain level white listing of rules. Screenshot prntscr.com/79zawc -Log Entries can be expanded in greater depth/details that allows quick analysis without having to login and check logs. -Seamless integration with ConfigServer Exploit Scanner ( very useful security tool which Cpanel do not have yet )
    0
  • cPanelMichael
    Hello, Please keep in mind that ConfigServer develops these applications. They will need to update their application in order to work with newer versions of cPanel. I suggest continuing to consult with them through their support channels regarding this issue. Thank you.
    0
  • dalem
    run this command and it should start working again ln -s /usr/local/apache/logs/modsec_audit.log /usr/local/apache/logs/modsec_audit/modsec_audit.log

    0
  • Marlon Owen Cruz
    Thank you for the information guys. I have installed Cpanel OWASP rules last night and this morning. We got a bunch of tickets requesting to unblock their IPs because they've been blocked by firewall due to OWASP false positive triggers. I wonder if Cpanel ran a comprehensive test of these rules on shared hosting environment. I'm thinking it would be best if Cpanel could come up with a whitelisted rule database ideal for shared hosting. It's very tedious to be attending to blocking related tickets due to false positivess. Screenshot: - Removed -
    0
  • Marlon Owen Cruz
    I have just white listed two rules that are triggering false positive. Rule IDs: 981205 and 970901
    0
  • dalem
    run comodo wap here very few false positives the OWASP is a third party use at you own risk not really cpanel's job to to police OWASP
    0
  • Marlon Owen Cruz
    Hi Dalem, Thanks for the update. I'll try COMODO then, aside from the rules I have blocked yesterday, I'm seeing a bunch of other false positive today. About OWASP and Cpanel, I do know that OWASP is independent but what I'm thinking is that since Cpanel have included OWASP as an optional rule vendor by default, it would be great if Cpanel could at least maintain a database of rules that aren't ideal on a shared hosting environment so that users like myself will not have to go through a bunch of testing just to know which rules work and which do not. Then, we can simply have all those rules white listed or disabled.
    0
  • cPanelMichael
    it would be great if Cpanel could at least maintain a database of rules that aren't ideal on a shared hosting environment so that users like myself will not have to go through a bunch of testing just to know which rules work and which do not. Then, we can simply have all those rules white listed or disabled.

    Hello, A "Report this hit" option is available on the ModSecurity Tools page when "More" is pulled down. It's important to use this feature if you want to alert the vendor about which rules are not suitable for a shared hosting environment. Thank you.
    0

Please sign in to leave a comment.