1. C

    OWASP ModSecurity Core Rule Set 3.3.5 [Security Fix]

    Hello, The OWASP ModSecurity Core Rule Set (CRS) team is pleased to announce the release of CRS v3.3.5. This is a security release which fixes the recently announced CVE-2023-38199, whereby it is possible to cause an impedance mismatch on some platforms running CRS v3.3.4 and earlier by...
  2. A

    Google bot triggering OWASP modsecurity rule 949110

    Last few days we have been noticing that Google crawler IP's (i.e. 66.249.xxx.xxx) have stared being blocked by the OWASP modsecurity rules. This is not an isolated case, we have many servers and the same issues has been seen across all of them. Previously we had no issues like this related to...
  3. bejbi

    ModSecurity OWASP blocking GTMetrix

    If you are using OWASP rules v. 3.3.4 you can experience problem with GTmetrix service. All requests will serve 403 error. It is interesting becouse probably GTmetrix sends forbidden header. GTmetrix is blocked by 3 rules: 920450 - request protocol enforcement 949110 - request blocking...
  4. webmastergreg

    OWASP 3.3.2 and "ping" with rules 932150 and 1234123447

    Hello FYI I was confronted with the blocking of an interface following modsecurity blocking by rule N°1234123447 Precisely the request: "?_wblapi=/forsef/v1/ping" Triggers rule N°1234123447 because of the term "ping" In bold just below. ModSecurity: Access denied with code 501, [Rule: 'ARGS'...
  5. M

    [SOLVED] Update OWASP CRS?

    Is it possible to get the most updated OWASP Core Rule Set on CentOS? We would like to implement ModSecurity rules that are available on the latest versions. We’re on version 3.0 and the current stable version is 3.3. Are there compatibility issues with cPanel for the latest version?
  6. sneader

    Advice on enabling the cPanel/OWASP-CRS Mod Security Rule Set

    We have Mod Security enabled, and using mod sec rules developed and provided by our data center. It has worked out very well, but there are some things we like about the OWASP Core Rule Set (CRS) that cPanel is making available to us. I'm investigating enabling these rules, either in...
  7. cPAdminsMichael

    Experience with the new OWASP ModSecurity CRS 3.3?

    Hi guys, Does any of you have any experience yet with the newly released OWASP ModSecurity Core Rule Set v3.3 that was released last month? (OWASP ModSecurity Core Rule Set – The 1st Line of Defense Against Web Application Attacks) Worth trying out?
  8. J

    In Progress [CPANEL-27532] /scripts/modsec_vendor update failed

    All of our servers are reporting identical update failures: The cPanel & WHM update process failed for the following reason: Maintenance ended; however, it did not exit cleanly (256). The following events were logged: “scripts/modsec_vendor”. Review the update logs to determine why the update...
  9. S

    OWASP mod_security breaking Wordpress page save

    As soon as I enable the OWASP mod_security rules, my clients or myself can't save a Wordpress page edit. My hosting support said mod_security was blocking ajax php requests, or something along those lines. Any suggestions? Thanks!
  10. M

    Questions about enabling mod_security

    I have a few questions on mod_security that puzzle me, so I thought I would ask for some help here to try and clarify them: I have mod_security enabled at the server level and have the OWASP ModSecurity Core Rule Set enabled, with all the 22 rules active. Rules engine is set to be processed...
  11. O

    ModSecurity SecResponseBodyLimit & SecResponseBodyLimitAction

    Hi Guys, I have ModSecurity installed with SecResponseBodyLimit at the default 512kb limit and SecResponseBodyLimitAction default 'block' setting. My question is as follows, in todays media rich web sites, is 512kb still reasonable? I have some customers running Wordpress that are hitting this...
  12. ::Gomez::

    Why are modsecurity rules not installed by default?

    Hey! how are you guys! I was just wondering if there is any specific reason why ModSecurity rules comes uninstalled on all cpanel servers... did you have any kind of issue after enabling it? wordpress/joomla are fully compatible? its a must to have it enabled/installed or there is no big...
  13. darwin7

    Last OWASP rules are reliable?

    Good morning I was planning to enable OWASP ruleset for ModSecurity and I searched around some information. Then, I found some worrying complaints (for example here OWASP Cpanel Rules - Experience) and I'm reviewing my plans. Since I read somewhere that OWASP rules have been recently updated...
  14. K

    Editing ModSecurity vendor rules

    Hello, Is there any way to edit the ModSecurity included vendor rules ? I'm using OWASP as a Vendor and I want to edit a single rule of theirs. I was not able to find a way through WHM. Is there any other way to edit such rule, for example through the command line ? Regards!
  15. F

    ModSecurity Inbound Anomaly Score Exceeded

    Hello, I have some questions about ModSecurity. I have this email: Time: Tue Aug 29 17:56:39 2017 +0200 IP: [Removed] Failures: 10 (mod_security) Interval: 3600 seconds Blocked: Permanent Block Log entries: [Tue Aug 29 17:56:34.795036 2017] [:error] [pid 10514] [Removed]...
  16. rpvw

    OWASP ModSecurity Core Rule Set V3.0 whm-server-status

    For anyone irritated by the ModSecurity Tools logged Hits every 5 minutes generated by the 'GET /whm-server-status' triggering rule id 920280 .......... this is for you :) 1) Go to Home » Security Center » ModSecurity™ Tools » Rules List and make sure you don't already have a rule id 1000 (if...
  17. S

    Installing MPM-Event and OWASP ModSecurity Core Rule Set V3.0 through command line

    Hi, Guys I am automating server hardening and optimization, 1) for that I need to install OWASP ModSecurity Core Rule Set V3.0 from the command line. 2) Also, I need to install MPM event through command line. Current EA4 profile is CPanel default. Please let me know the solution or...
  18. rinkleton

    Upgrading mod security to OWASP 3.0

    When upgrading to OWASP 3.0, do the rules get all new ID's, or do they stay the same, in which case I will have to go through all of the currently disabled rules and re-enable?
  19. J

    Problem with new OWASP3 rules

    So basically it's broken and no way to fix? Why do you ship this then? And please don't give the 3rd party excuse... after the last release of Cpanel I get a big message that says: OWASP has released version 3 of their Core Rule Set for ModSecurity™. This new version of the ruleset provides...
  20. S

    Apache Status page fails after 64 update

    Hi, I just updated our server to cpanel 64.0.11 and noticed a few issues. In WHM accessing the Apache Status page returns "Failed to receive status information from Apache." Accessing PhpMyAdmin via a users cPanel account will either hang on "Loading..." or display a 403/404 Security Token...