OWASP ModSecurity CRS (WHM Cpanel Config) - Question

XxUnkn0wnxX

XxUnkn0wnxX

Active member
recently Cpanel had an update and i have been using mod security more and more to improve Security....

now from here: https://documentation.cpanel.net/display/CKB/OWASP+ModSecurity+CRS

reading the Docs i believe that some of these rules would interfere with Xenforo

i know in the past zbblock caused issues when i set rule to block RFI based attacks even though when i tried to upload XML files they where seen as an attack or posting threads with lots of code in it where seen as an attack though in reality it was a false positive...

has any one had any of these rules set up and had any issues?

if so what rules and how should they be disabled?
 
I'd be happy to... but I don't use a panel as I believe that it is a drain on resources.
Also, the number of people that use the OWASP rule set may not be that high. You may have more luck asking on the actual cPanel support site.
 
i have done some testing and it seems OWASAP rule seem to block legit uses i have this so far configured the rest seems to block legit users do to the type of URL they get served up like long URL with symbols in it or xefenfor's proxified images

g0Fkg.png

g0Fkw.png


i have other rules in place by cloud flare WAF and other layers that protect against some of the disabled ones...
its just the ones provided by vendor seems to block legit traffic.. as it incompatible with xenforo based structure..
like some of the links serviced up to users, some of these rules think it is an attack..
i'd rather have these rules blocking the request not banning the ip....
 
You must log in or register to reply here.

Similar threads

iaresee
Is anyone using the OWASP ModSecurity Core Rule Set with their Xenforo installs?
Replies
8
Views
2K
Moscato
Moscato
Back
Top Bottom