ModSecurity

Discussion in 'Security' started by WebEndev, Dec 8, 2014.

  1. WebEndev

    WebEndev Member

    ModSecurity apparently adds an additional layer of security.

    But I have been reading that it is difficult to administer, and that it may cause accidental blocks or block search engine bots unintentionally?

    Is there a way to implement ModSecurity in a way that will not cause unintended issues?

    Does using the OWASP core ruleset work as s 'set it and forget it' solution?

    I'm a rookie at this, and trying to figure it all out.

    Thanks
     
  2. KH-Jonathan

    KH-Jonathan Director of Managed Services Staff Member

    There's no such thing as a "set it and forget it" solution with ModSec. I've always found it to be more hassle than it's worth so as long as your application is secure you're set in most cases.

    Unless you understand each and every rule, I wouldn't touch it. Also unless you're only running 1-2 sites I wouldn't mess with it. When you have lots of sites getting all different sorts of requests it's a nightmare.
     
  3. WebEndev

    WebEndev Member

    Hi Jonathan,

    That is what I have seen others say as well...
    Looks like ModSec is a no for me then.

    Thanks for the input, and have a great day.
     
  4. kitchin

    kitchin New Member

    Thanks for asking these questions W.

    The CPanel user base is so large I'm glad to see good questions and worthy replies in a smaller venue.
     
  5. Tim Franklin

    Tim Franklin New Member

    sounds interesting but I can't see any solid reasoning behind the replies, any one have any actual experience using this or is this just a "grapes too high" type thing, Aseop
     
  6. jwillberg

    jwillberg New Member

    There are modsecurity rules which not cause problems. These rules are generic, but wont cause problems to sites (ex. wordpress, joomla, drupal, etc ...)
     
  7. The German

    The German New Member

    I have been using mod_security with the standard, unmodified ruleset for a VPS with about 15 sites on it (wordpress, joomla, other opensource packages) for about a week now and only had a positive experience, no false positives yet. It can be switched on and off with a single click in the rule sets, so no harm trying it.

    However, I assume when getting more detailed in the rule set and running many different sites, it most likely will become a lot of effort and will require in-depth mod_security skills.
     

Share This Page