We are aware of an issue with a recent Apache update that causes proxied sites to return a "421 Misdirected Request" error. Please see the following article for more information and updates:
Websites show 421 Misdirected Request error while using EA Nginx

List of problematic OWASP ModSec rules?

optize

February 21, 2017 17:13

We've been using GotRoot's mod_sec rules up until the last few server builds without a single issue, we then switched over to using cPanel's OWASP ruleset. Since then, we've had a lot of complaints about false positives. Is anyone using this ruleset in production? Anyone have a list of rules that we should be disabling to make it more useful and not so customer-impacting?

Comments

1 comment

Infopro

February 21, 2017 22:24
If you don't have this addon installed, you might want to: ConfigServer ModSecurity Control (cmc) Using that you can disable rules per cPanel account instead of for the entire server.
Since then, we've had a lot of complaints about false positives.

Same here. You can use the report tool in WebHost Manager for reporting rules giving you problems if you like. (Just don't hold your breathe for a fix from OWASP.)
0

Please sign in to leave a comment.

Comments

Didn't find what you were looking for?