    What are ModSecurity best practices?

    • Jesu VIllaWolf
      Jesu VIllaWolf last edited by Jesu VIllaWolf

      Hi @sandeep, I've got something else today, the server is running and working like a charm, but when I install ModSecurity and enable OWASP or COMODO rules, if I try to work in the site everything stops working properly... First 403, then Uploading files..., then database migration..., then wordpress...

      What I did was to whitelist some of the rules I was finding in the ModSecurity log by their IDs, for example:

       SecRuleRemoveById 980130
       SecRuleRemoveById 949110
       SecRuleRemoveById 941100
       SecRuleRemoveById 911100
       SecRuleRemoveById 920350
       SecRuleRemoveById 913100
       SecRuleRemoveById 920280
      

      I haven't even started to work fully on the site, all I have been doing is setting it up and all this trouble......!!

      My real question is how can I better handle ModSecurity, so all my sites don't get all these false positives?? Is there a known false positive list, just to add and let it be?? Can I just whitelist IPs, my IP and the server's IP maybe??

      Thanks in advance.

      PS (IT'S UNINSTALLED FOR NOW..!!)

      sandeep JosePP 2 Replies Last reply Reply Quote 0
      • sandeep
        sandeep @Jesu VIllaWolf last edited by

        @jesu-villawolf hello
        There is no specific rule list for WordPress. I recommend you use Comodo WAF, which has a lower number of false positives. Probably you'll get 3-4 false positives max (for me, as websites are all different), which you need to disable.

        1 Reply Last reply Reply Quote 1
        • JosePP
          JosePP @Jesu VIllaWolf last edited by

          @jesu-villawolf said in What are ModSecurity best practices?:

          Hi @sandeep, I've got something else today, the server is running and working like a charm, but when I install ModSecurity and enable OWASP or COMODO rules, if I try to work in the site everything stops working properly... First 403, then Uploading files..., then database migration..., then wordpress...

          What I did was to whitelist some of the rules I was finding in the ModSecurity log by their IDs, for example:

           SecRuleRemoveById 980130
           SecRuleRemoveById 949110
           SecRuleRemoveById 941100
           SecRuleRemoveById 911100
           SecRuleRemoveById 920350
           SecRuleRemoveById 913100
           SecRuleRemoveById 920280
          

          I haven't even started to work fully on the site, all I have been doing is setting it up and all this trouble......!!

          My real question is how can I better handle ModSecurity, so all my sites don't get all these false positives?? Is there a known false positive list, just to add and let it be?? Can I just whitelist IPs, my IP and the server's IP maybe??

          Thanks in advance.

          PS (IT'S UNINSTALLED FOR NOW..!!)

          We work with the rules of Comodo and what we do is teach customers to disable rules that affect them. So far we have no problems and they are managing themselves 😉

          Jesu VIllaWolf 1 Reply Last reply Reply Quote 2
          • Jesu VIllaWolf
            Jesu VIllaWolf @JosePP last edited by Jesu VIllaWolf

            Thanks @josepp, that is just what I have been doing, ModSec learning curve, so far enabled COMODO and disabled ModSecurity from the local accounts, my working team is just two people, we have to finish migrating and then tune up ModSec site by site, what I do know is that ModSecurity will be in our lives from now on.
            👍

            1 Reply Last reply Reply Quote 0
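
An added example, not part of any post in this thread: the "find the rule ID in the ModSecurity log, then disable it" workflow discussed above, narrowed so that each exclusion applies only to the path where the rule fired instead of server-wide. The function names, the sample log lines, the host `example.test` and the local rule IDs starting at 10001 are assumptions; treating 949110 and 980130 as anomaly-score evaluation/reporting rules reflects OWASP CRS 3.x, not anything stated in the thread.

```python
import re
from collections import Counter

# In OWASP CRS 3.x these two IDs only evaluate/report the anomaly score. They
# appear on every blocked request, so removing them switches blocking off
# rather than fixing one false positive. They are never proposed below.
SCORING_RULES = {"949110", "980130"}
FIELD = re.compile(r'\[(id|uri|hostname) "([^"]*)"\]')

# Constructed sample lines in the shape of Apache error-log ModSecurity entries.
SAMPLE_LOG = """\
[client 203.0.113.5] ModSecurity: Warning. detected XSS using libinjection. [id "941100"] [msg "XSS Attack Detected via libinjection"] [hostname "example.test"] [uri "/wp-admin/post.php"]
[client 203.0.113.5] ModSecurity: Access denied with code 403 (phase 2). [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [hostname "example.test"] [uri "/wp-admin/post.php"]
[client 203.0.113.5] ModSecurity: Warning. detected XSS using libinjection. [id "941100"] [msg "XSS Attack Detected via libinjection"] [hostname "example.test"] [uri "/wp-admin/post.php"]
[client 203.0.113.5] ModSecurity: Access denied with code 403 (phase 2). [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [hostname "example.test"] [uri "/wp-admin/post.php"]
[client 203.0.113.5] ModSecurity: Warning. [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5)"] [hostname "example.test"] [uri "/wp-admin/post.php"]
[client 198.51.100.9] ModSecurity: Warning. Pattern match at REQUEST_HEADERS:Host. [id "920350"] [msg "Host header is a numeric IP address"] [hostname "192.0.2.10"] [uri "/"]
"""

def tally(log_text):
    """Count hits per (rule id, request path) across ModSecurity log lines."""
    hits = Counter()
    for line in log_text.splitlines():
        if "ModSecurity:" not in line:
            continue
        fields = dict(FIELD.findall(line))
        if "id" in fields and "uri" in fields:
            hits[(fields["id"], fields["uri"])] += 1
    return hits

def scoped_exclusions(hits, min_hits=2, first_id=10001):
    """Emit per-path exclusion candidates for detection rules that recur.

    Single hits are left alone (they may be real probes), and every emitted
    line still needs a human to confirm the traffic was legitimate.
    """
    rules = []
    for (rule_id, path), count in sorted(hits.items()):
        if rule_id in SCORING_RULES or count < min_hits:
            continue
        rules.append(
            f'SecRule REQUEST_FILENAME "@streq {path}" '
            f'"id:{first_id + len(rules)},phase:1,pass,nolog,ctl:ruleRemoveById={rule_id}"'
        )
    return rules

if __name__ == "__main__":
    print("\n".join(scoped_exclusions(tally(SAMPLE_LOG))))
```

The emitted `SecRule` lines go in a local configuration file loaded before the vendor rule set, so the `ctl` action takes effect before the excluded rule runs.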