Neo
Neo

Reputation: 11567

Does the new Mod Security in cPanel have it's own rules?

The new cPanel/WHM has Mod Security built in, I am not talking about Config Server or other third party solutions. Does enabling this do anything or do I need to use rules like OWASP and ATOMIC provide?

I know this sounds like a simple question that could be answered with a little research but I've done a lot and even read the /usr/local/apache/conf directory. I am trying to simplify the question, my real question is what is already built in and how can it integrate more rules? Are the rules activated by default or do they need to be included in the Custom Rule? Is it a bad idea to add OWASP rules? I tried doing this and everyone's IPs started getting blocked in the firewall.

Upvotes: 0

Views: 682

Answers (1)

Ivan
Ivan

Reputation: 1314

Rules added only as the latest cPanel update (using 11.48.0 build 9). It has included the OWASP ModSecurity Core Rule Set which can be enabled via WHM->Security Center->Modsecurity Vendors.

Upvotes: 1

Related Questions