OWASP Rules

LawsHosting

Am I the only one who has endless issues with these rules with Wordstress, Drupal, etc?

Whenever I attempt to disable a rule, it doesn't seem to work. If I disable mod security outright, that works.

How can I debug this mess? Where does the whitelist reside for each domain?

E.g. the rules (i.e. 932130) are catching \x0d\x0a stuff when the client is only editing a template 🤷‍♂️

Had nothing like this with COMODO Rules.
 
Whenever I attempt to disable a rule, it doesn't seem to work. If I disable mod security outright, that works.
Are you disabling the rule globally using ModSecurity menu entry on admin level?
 
What is the point of
Code:
/usr/local/directadmin/custombuild/data/users/<user>/domains/<domain>.subdomains
/usr/local/directadmin/custombuild/data/users/<user>/domains/<domain>.subbdomains_modsecurity_rules
I am unable to see any reference in user's httpd.conf, I just see
Code:
/usr/local/directadmin/custombuild/data/users/<user>/domains/<domain>.modsecurity_rules
throughout, even for sub-domains.
 
This is starting to pee me off now......

Are you sure no one else is having issues with rules being hit willy-nilly?
 
I also think giving access to the user to turn off mod_security outright is a bit stupid to be honest
 
I also think giving access to the user to turn off mod_security outright is a bit stupid to be honest
Definitely agree with you on this - but DirectAdmin isn't the only control panel that allows for this. Allowing this results in at least two scenarios:

1) "My website was giving an error, but I disabled mod_security in my control panel and that fixed it!" ... "fixed" it!

2) I'm a web hosting customer that's up to no good. I want to do something damaging... I'll disable mod_security on my account to let me do that.

The same can also be said for allowing end-users to modify any PHP directive value. Nothing says great idea like allowing an end-user to self-govern and set their memory_limit to 24GB and max_execution_time to 10 days.

...

Now, having said all of that... I'm not sure if the Comodo mod_security ruleset is even still active. Not really sure if the OWASP ruleset is still active. Seems all of these mod_security rulesets have been abandoned and are no longer receiving updates. Or am I wrong?
 
Now, having said all of that... I'm not sure if the Comodo mod_security ruleset is even still active. Not really sure if the OWASP ruleset is still active. Seems all of these mod_security rulesets have been abandoned and are no longer receiving updates. Or am I wrong?
I think the COMODO forums for WAF is dead - I replied to the thread on 5th May to ask if it is indeed dead, no one bothered to reply..... Nice for them for informing us via email (for those who have accounts) - not! If it is dead, bit bewildered that the waf . comodo . com is still there.

As for the OWASP rules, they are more intrusive; when I switched, I immediately got "my site(s) is erroring" tickets...... 🤷‍♂️🤷‍♂️
 
Isn't the last update to the OWASP modsecurity ruleset from December 2020?

So I'm not really sure if either of these projects is still active.
 