OWASP ModSecurity Core Rule Set v3

joejordanbrown

• March 06, 2017 11:44

Shouldn't the OWASP vendor config file have the version added to the name or even another field to display the version. So if you have v2 and v3 installed you can differentiate between the two? If you look at the following files you will see they both have the exact same name v2 Also i notice v3 displays v2.9.0 in that file, is that an error or just local versioning?

• 

  cPanelMichael

  • March 06, 2017 17:12

  Hello, This is addressed with internal case CPANEL-10477 in cPanel version 64: Fixed case CPANEL-10477: Update WHM to use the new ModSecurity ruleset. You'll see "OWASP ModSecurity Core Rule Set V3.0" as the vendor name in cPanel version 64. Additionally, the case includes the following conditions: [LIST]

  If the server did not have the older OWASP set installed, the new set should be the only one on the page.

  If the server did have the older OWASP set installed, then it should still be installed and enabled, and the newer set should be shown as available to be installed.
  Thank you.

  0
• 

  joejordanbrown

  • March 06, 2017 19:34

  Ok, thank you.

  0

Please sign in to leave a comment.