Web Hosting Forums

Results 1 to 3 of 3

This is a discussion on mod_security in the Hosting Talk & Chit-chat forum
Is mod_security something I should configure on my VPS? I have CSF installed, but it recommends mod_security. Is there any drawback or potential problems with ...

  1. #1
    Loyal Client gohighvoltage's Avatar
    Join Date
    Jan 2011
    Posts
    600

    mod_security

    Is mod_security something I should configure on my VPS? I have CSF installed, but it recommends mod_security.

    Is there any drawback or potential problems with installing mod_security?

    Is it worth installing? How is it different from CSF?
    Thanks!

  2. #2
    Loyal Client
    Join Date
    Nov 2011
    Location
    Australia
    Posts
    21
    mod_security is an Apache module that blocks code that can be used to exploit your web server. It's different in the aspect that CSF + LFD check logins, ports and network connections, whereas mod_security checks web scripts and pages for code that can cause issues.

    I highly recommend using it with the Gotroot rules here: mod_security rules : Got Root - the free rules are really good, but obviously 90 days outdated, which may or may not be seen as an issue by you. The link on that page is broken, so go here: Atomicorp

    The only drawback is that the default rules cause issues with some scripts. The gotroot rules are much better in this regard, but may still have the odd issue. You can block problem rules using this free cPanel plugin by the developers of CSF: ConfigServer ModSecurity Control

    Is it worth installing? I can't believe you haven't been using it.

  3. #3
    Loyal Client gohighvoltage's Avatar
    Join Date
    Jan 2011
    Posts
    600
    Quote Originally Posted by Jamsori View Post
    mod_security is an Apache module that blocks code that can be used to exploit your web server. It's different in the aspect that CSF + LFD check logins, ports and network connections, whereas mod_security checks web scripts and pages for code that can cause issues.

    I highly recommend using it with the Gotroot rules here: mod_security rules : Got Root - the free rules are really good, but obviously 90 days outdated, which may or may not be seen as an issue by you. The link on that page is broken, so go here: Atomicorp

    Thank you Jamsori. I guess I should install it. I just didn't want to cause any issues with vbulletin, etc. sounds like a good thing to have!


    The only drawback is that the default rules cause issues with some scripts. The gotroot rules are much better in this regard, but may still have the odd issue. You can block problem rules using this free cPanel plugin by the developers of CSF: ConfigServer ModSecurity Control

    Is it worth installing? I can't believe you haven't been using it.



    Thank you Jamsori. I guess I should install it. I just didn't want to cause any issues with vbulletin, etc. sounds like a good thing to have!

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •