ModSecurity

#1
ModSecurity apparently adds an additional layer of security.

But I have been reading that it is difficult to administer, and that it may cause accidental blocks or block search engine bots unintentionally?

Is there a way to implement ModSecurity in a way that will not cause unintended issues?

Does using the OWASP core ruleset work as s 'set it and forget it' solution?

I'm a rookie at this, and trying to figure it all out.

Thanks
 

KH-Jonathan

Director of Managed Services
Staff member
#2
There's no such thing as a "set it and forget it" solution with ModSec. I've always found it to be more hassle than it's worth so as long as your application is secure you're set in most cases.

Unless you understand each and every rule, I wouldn't touch it. Also unless you're only running 1-2 sites I wouldn't mess with it. When you have lots of sites getting all different sorts of requests it's a nightmare.
 
#3
Hi Jonathan,

That is what I have seen others say as well...
Looks like ModSec is a no for me then.

Thanks for the input, and have a great day.
 
#4
Thanks for asking these questions W.

The CPanel user base is so large I'm glad to see good questions and worthy replies in a smaller venue.
 
#5
sounds interesting but I can't see any solid reasoning behind the replies, any one have any actual experience using this or is this just a "grapes too high" type thing, Aseop
 
#7
I have been using mod_security with the standard, unmodified ruleset for a VPS with about 15 sites on it (wordpress, joomla, other opensource packages) for about a week now and only had a positive experience, no false positives yet. It can be switched on and off with a single click in the rule sets, so no harm trying it.

However, I assume when getting more detailed in the rule set and running many different sites, it most likely will become a lot of effort and will require in-depth mod_security skills.
 
Top