OWASP ruleset need to restart Apache to skip rule

Magician

Verified User
Joined
Jan 31, 2010
Messages
129
Location
EU / PL
Hi,

when I switch to OWASP from CWAF then I realize the skip rule option from DA ModSecurity doesn't work until I restart httpd.
It's a feature ;-) or should work correctly without restart Apache?

BTW. When i use Comodo Ruleset, then works ok. I switched to OWASP because have a problem with reinstallation (other topic).
 
Ok,

sometimes works, sometimes doesn't. I'm not sure when and why.
Can someone give me a info what is going on when someone using web interface to skip rule? When it should appear in system file? After this something should restart? https? php-fpm proceses?
Case from today - one rule block content - nothing showup in modsecurity from DA web interface but showup in http log.
Another case - I need to skip many rules to Joomla / mautic systems start works.
Is there a list fo rules which should skip to allow operate in Joomla / other systems?
 
I was going to open a thread, but I'll add to this.

I think I've found another problem........ Disabling rules via DA's own mod_security system does not work at AT ALL, even restarting/reloading Apache manually. To eliminate the symptom, need to disable mod_security ?‍♂️.....

Am I right in thinking, disabling a rule on the main domain will disable it from subdomains as well?

I find OWASP rules can be stricter...... And they give a 406 HTTP instead of a 403 HTTP.
 
Any idea if mod security is even worth using any more?

I'm seeing more and more complaints that sites are being hit by OWASP rules..... eg. Joomla mostly.

OWASP - They'll sting a website...
 
Back
Top