OWASP Cpanel Rules - Experience
We enabled the OWASP ruleset/vendor over the weekend, as it's been listed as a vendor for around a year now; however, I was surprised to find how horrible the ruleset is even after this long for the curation process.
WordPress began failing, even at simple things like image uploads, New Post, New Page, Menu adding.
The list goes on.
Magento was affected, Invision forums, custom scripts - it had a huge impact. There are some nonsensical rules as well.
I've started whitelisting the rules to specific folders / scripts to get around it, but the number of customers impacted is almost making me think to disable OWASP and go back to just my own ruleset and Comodo WAF - with which I found fewer false positives (some whitelisting still needed).
Perhaps we could as a community start a curation thread, where we can weed out the false positives and make specific folder / file excludes that others can use.
I submitted feedback on around 40 rules this weekend - but to be honest it doesn't look promising if it's this long after release and there are so many basic false positives. Am I the only one sending feedback?
-
Perhaps we could as a community start a curation thread, where we can weed out the false positives and make specific folder / file excludes that others can use.
Hello :) You can find a thread on this at: OWASP - mod security and wordpress. Thank you.