mod_security

[NiteWave]

Hi, please try 4.2.2, "Improved mod_security compatibility with gotroot ruleset." (http://www.litespeedtech.com/litespeed-web-server-release-log.html) more work than 4.2.1

 

[lancelot]

Which rule set?

What is the suggested version to use for the gotroot rule sets at "https://updates.atomicorp.com/channels/rules/delayed/"? Should we use the "modsec-2.5" or the "modsec-2.7" ruleset? I am not sure which one is more compatible or you have been testing against?

 

[stormy]

What's the status on this? Is there a confirmed basic ruleset that will work?

 

[lancelot]

I was told the latest should work fine, so I have been using the "modsec-2.7" set without issue. If it doesn't understand a rule it will ignore it. So far I have had very few issues besides the normal problem with some rules being a little too aggressive, so I just remove those ones.

 

[stormy]

I have just enabled the rules that come with cPanel and it seems to work. No complaints from customers about broken sites so far.

However, an official confirmation would be great.

 

[stormy]

Here's an update. Rule "1234123429" is triggered by many cronjobs running on my servers:

[Rule: 'REQUEST_HEADERS:User-Agent' '!^apache.*perl'] [ID "1234123429"] [Msg "Request Indicates an automated program explored the site"] [severity "NOTICE"] [MatchedString "Wget/1.11.4 Red Hat modified"]

I've disabled it using ConfigServer ModSecurity Control. Not sure if this is a good idea or not.

From what I can gather, that rule shouldn't be triggered when running Apache, but is triggered when running Litespeed. Is this correct?