1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

OWASP ModSecurity CRS (WHM Cpanel Config) - Question

Discussion in 'Server Configuration and Hosting' started by XxUnkn0wnxX, Feb 7, 2015.

  1. XxUnkn0wnxX

    XxUnkn0wnxX Active Member

    recently Cpanel had an update and i have been using mod security more and more to improve Security....

    now from here: https://documentation.cpanel.net/display/CKB/OWASP+ModSecurity+CRS

    reading the Docs i believe that some of these rules would interfere with Xenforo

    i know in the past zbblock caused issues when i set rule to block RFI based attacks even though when i tried to upload XML files they where seen as an attack or posting threads with lots of code in it where seen as an attack though in reality it was a false positive...

    has any one had any of these rules set up and had any issues?

    if so what rules and how should they be disabled?
  2. XxUnkn0wnxX

    XxUnkn0wnxX Active Member

    any one going to help me out?
  3. Tracy Perry

    Tracy Perry Well-Known Member

    I'd be happy to... but I don't use a panel as I believe that it is a drain on resources.
    Also, the number of people that use the OWASP rule set may not be that high. You may have more luck asking on the actual cPanel support site.
  4. Moscato

    Moscato Active Member

    I'd love to help, but I actually use the cloudflare pro waf
  5. XxUnkn0wnxX

    XxUnkn0wnxX Active Member

    i have done some testing and it seems OWASAP rule seem to block legit uses i have this so far configured the rest seems to block legit users do to the type of URL they get served up like long URL with symbols in it or xefenfor's proxified images


    i have other rules in place by cloud flare WAF and other layers that protect against some of the disabled ones...
    its just the ones provided by vendor seems to block legit traffic.. as it incompatible with xenforo based structure..
    like some of the links serviced up to users, some of these rules think it is an attack..
    i'd rather have these rules blocking the request not banning the ip....

Share This Page