Knowledgebase
Anyone here running the complete mod_sec ruleset from gotroot?
Posted by jon-f, 04-12-2009, 11:04 PM | I just updated my mod_security rules to version 2 with the new rules from gotroot.com. I simply included them all. I know before with their 1.95 rules I had to sit and delete tons of useless rules as well as having to delete rules that interfered with peoples web apps.
So I figure it may be different with new version. Is anyone here running these rules on a hosting server? Doesn't matter cpanel or whatever, just an average shared server with moistly php/mysql sites.
If so, please lemme know if you have had any problems with any of the rules. Or if there are particular rulesets that are best to not include.
I am trying to save myself a lil time here because I have to do this on 8 servers so if I could hear from some people who are currently using this setup it would help me a great deal.
|
Posted by y0uknight, 04-12-2009, 11:46 PM | I've never had a problem with them, but personally I find their list too big and I like performance so I did the god written rules where 20% does 80% of the work.
|
Posted by jon-f, 04-12-2009, 11:48 PM | ya I just enabled them and that anti_malware and anti_spam rules are messed up, was blocking everyone saying their domain matched the blacklist.txt. Once I disabled that it looks good so far.
And yes you are right, that's a whole bunch of rules. ON 1.95 I sit and weeded out all useless rules and came up with a light and effective ruleset, but dang - taking about some work, I bet that took me 12 hours to go through completely
|
Posted by LoganNZ, 04-13-2009, 01:37 AM | Personally i dont disable the ones which effect my clients sites, i allow them via exceptions - as most of the false positives are vulnerable scripts if you look further.
But yeah, i use gotroot sec rules along with a mixture of my own.
|
|
Add to Favourites
Print this Article |
Also Read