List of problematic OWASP ModSec rules?
We've been using GotRoot's mod_sec rules up until the last few server builds without a single issue. We then switched over to using cPanel's OWASP ruleset. Since then, we've had a lot of complaints about false positives.
Is anyone using this ruleset in production? Anyone have a list of rules that we should be disabling to make it more useful and not so customer-impacting?
-
If you don't have this addon installed, you might want to: ConfigServer ModSecurity Control (cmc). Using that, you can disable rules per cPanel account instead of for the entire server.
"Since then, we've had a lot of complaints about false positives."
Same here. You can use the report tool in WebHost Manager for reporting rules giving you problems if you like. (Just don't hold your breath for a fix from OWASP.)
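One way to build the list the question asks for from your own traffic, as an added example that is not part of the thread: tally ModSecurity denials per site and rule id, and review first the rules tripped by several distinct clients. It assumes the ModSecurity 2.x Apache error-log layout; the sample lines, rule ids and hostnames are constructed, and the distinct-client threshold is an assumed heuristic, not a cPanel or OWASP recommendation.

```python
import re
from collections import defaultdict

# Constructed sample in the ModSecurity 2.x Apache error-log layout.
# Rule ids, hostnames, clients and URIs are invented for illustration.
_T = ('[Mon Jan 01 10:00:00 2018] [:error] [pid 101] [client {c}] ModSecurity: '
      'Access denied with code 403 (phase 2). [file "/path/to/rules.conf"] '
      '[id "{i}"] [msg "{m}"] [hostname "{h}"] [uri "{u}"]')
SAMPLE_LOG = "\n".join([
    _T.format(c="192.0.2.10", i="900001", m="Constructed rule A", h="shop.example.com", u="/admin/save.php"),
    _T.format(c="192.0.2.11:50112", i="900001", m="Constructed rule A", h="shop.example.com", u="/admin/save.php"),
    _T.format(c="192.0.2.12", i="900001", m="Constructed rule A", h="shop.example.com", u="/admin/save.php"),
    _T.format(c="198.51.100.7", i="900002", m="Constructed rule B", h="blog.example.org", u="/index.php"),
    _T.format(c="198.51.100.7", i="900002", m="Constructed rule B", h="blog.example.org", u="/login.php"),
    "[Mon Jan 01 10:00:06 2018] [core:notice] [pid 1] AH00094: Command line: 'httpd'",
])

FIELD = re.compile(r'\[(id|msg|hostname|uri) "([^"]*)"\]')
CLIENT = re.compile(r'\[client ([^\]]+)\]')

def parse_line(line):
    """Return rule id, msg, hostname, uri and client of one ModSecurity line, else None."""
    event = dict(FIELD.findall(line))
    if "ModSecurity:" not in line or "id" not in event:
        return None
    m = CLIENT.search(line)
    addr = m.group(1) if m else "unknown"
    if addr.count(":") == 1:          # IPv4 with ":port" (Apache 2.4); IPv6 is left as logged
        addr = addr.split(":")[0]
    event["client"] = addr
    return event

def summarize(log_text):
    """Group hits by (hostname, rule id) so a rule can be judged per site."""
    stats = defaultdict(lambda: {"hits": 0, "clients": set(), "msg": ""})
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is None:
            continue
        entry = stats[(event.get("hostname", "unknown"), event["id"])]
        entry["hits"] += 1
        entry["clients"].add(event["client"])
        entry["msg"] = event.get("msg", "")
    return dict(stats)

def review_candidates(log_text, min_clients=3):
    """Rules tripped by many distinct clients on one site: review these first."""
    return sorted(((host, rid, e["hits"], len(e["clients"]))
                   for (host, rid), e in summarize(log_text).items()
                   if len(e["clients"]) >= min_clients), key=lambda r: -r[2])
```

A rule that only one client keeps hitting, like the second constructed rule here, stays off the review list; the per-site grouping matches the per-account disabling described in the reply.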