mod_security

Do you want to see mod_security in custombuild?


  • Total voters
    81
Just for the sake of Information management, could u objectively explain what it is/does and what its pro's and cons are ?
 
Need some good rules atleast, i tried some mega pack and it killed my joomla and some other stuff :)
 
Just like others stuff too,

### options.conf ###

mod_security=on|off

also some default configurations (light/medium/heavy security)
 
Digging up an old thread, but is there any thought of including mod_sec into apache 2.x? :)
 
Hello, currently CustomBuild still not have the mod_security integrated, is that right?
 
We have been running modsecurity 2.x for years.

The build is easy with apache 2.2 x64 and 2.4 x64.

Pros:
I believe it SHALL already prevent a number of automated attack(s) silently.

Cons:
The core (and difficult) part is the ruleset.
Default rule set shall cause some false-positive, even for Squirrelmail.

We have disabled a few rules for squirrelmail, and a few for general purpose.
Also, we need to use DA panel custom httpd configuration to disable particular rule(s) for particular user, which means some admin and communication work
 
Last edited:
Lots of rules need to be disabled for phpmyadmin, wordpress, etc.
It's only worth integrating with a sane set of rules, compatible with web hosting and built by a security specialist.
 
Back
Top