Facebook
Twitter
atomicturtle
Golden Pleskian
mod_security comes with ASL as well
-
If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
CentOS2Alma discussion
T
teiz77
Guest
well... mod_security does cause some problems with Horde webmail... The redirect function doesn't seem to work. I must disable it untill I find out what's wrong...
So don't use it with the standard rules when you want to be able to use your webmail.
So don't use it with the standard rules when you want to be able to use your webmail.
atomicturtle
Golden Pleskian
If you're going to use the gotroot.com rules, you'll have to do a lot of tuning. They're very broad in scope and change daily. Thats the "raw" feed that we're using to test and integrate with the mod_security rules we use in ASL.
G
Griffith
Guest
I've got no problems with mod_security causing trouble with webmail... but, to watch for false positives you can pay close attention to /var/log/httpd/audit.log and if you find false positives, disable those rules 
But yes, the rules need some modifications.. etc frontpage ++
But yes, the rules need some modifications.. etc frontpage ++
atomicturtle
Golden Pleskian
Yep, you cant use mod_security with frontpage at all since microsoft wont release the specs.
B
BoXie
Guest
But it should be possible to just disable the rules that block Frontpage ? Or am i wrong ?
T
teiz77
Guest
How stupid... I somehow didn't disable one of the experimental rules. Everthing works flawless now...
F
faris
Guest
Yes, you can disable the rules for FrontPage very easily.
I think (but I'm not 100% sure) that the mod_sec rpm available in the ASL channel has them disabled for FP by default. Scott? But if not, it is just a matter of adding a few lines to the config file. A 10 second job. You'll find details on ART's forums (search for FrontPage) in the Security section.
Similarly you can disable them for Horde/Imp.
Faris.
I think (but I'm not 100% sure) that the mod_sec rpm available in the ASL channel has them disabled for FP by default. Scott? But if not, it is just a matter of adding a few lines to the config file. A 10 second job. You'll find details on ART's forums (search for FrontPage) in the Security section.
Similarly you can disable them for Horde/Imp.
Faris.
atomicturtle
Golden Pleskian
Right, we've been tailoring ASL's mod_security for PSA, adding in a rules update agent (a la freshclam), etc.
M
md3vxx
Guest
mod_security
Does anyone have a recommended ruleset or pre-configured ruleset for a 'default' Plesk box?
Are most people installing mod_security via: yum install mod_security using Art's channels?
m.
Does anyone have a recommended ruleset or pre-configured ruleset for a 'default' Plesk box?
Are most people installing mod_security via: yum install mod_security using Art's channels?
m.
atomicturtle
Golden Pleskian
Yep, we've been putting together mod_security rules for PSA in ASL.
M
md3vxx
Guest
ASL Rules
Are the rule sets available to people who are not running ASL or are they/will they be sold seperately?
Are the rule sets available to people who are not running ASL or are they/will they be sold seperately?
G
gromett
Guest
Had a quick look at your products and they seem promising. Do you have any plans for Virtuozzo based servers? As they use custom kernels I am not sure if it will work "out of the box"
atomicturtle
Golden Pleskian
Given the way viruozzo works, I don't think it will be possible to combine the ASL kernel with it (which is the most importat part). You can however get the IDS components to work in viruozzo, namely mod_security and mod_dosevasive, as those are just regular old userspace applications. In fact we've been working on ASW (Atomic Secured Windows) which obviously won't have the hardened kernel either, which is more or less the same idea.
B
BoXie
Guest
Atomic,
Why don't you promote this great ruleset some more ?
Maybe a big fat hyperlink on www.modsecurity.org itself should be an option?
I think it's a real valuable collection of rules .. everybody should know about it.
btw: Is it 100% compatible with Plesk 7.5.3 functionality ? Or are there (still) some issues) ?
Why don't you promote this great ruleset some more ?
Maybe a big fat hyperlink on www.modsecurity.org itself should be an option?
I think it's a real valuable collection of rules .. everybody should know about it.
btw: Is it 100% compatible with Plesk 7.5.3 functionality ? Or are there (still) some issues) ?
atomicturtle
Golden Pleskian
Ivan (who wrote mod_security) was saying he was going to change all his links to go to gotroot.com.
Believe me, I will be promoting ASL a lot more in the future, I've just been squaring away some design components with the whole system. A big huge mindnumbling labor intensive part of IDS systems are tuning those rules, whats right for one platform is wrong for another. We literally work on them every day, since the environment youre defending is so dynamic and complex.
The rules on gotroot.com are all our rules for all products (including IIS, PSA, etc), 0 day, least-privilege, and many of them completely untested. AFIAK the gotroot rules break PSA application vault packages.
Believe me, I will be promoting ASL a lot more in the future, I've just been squaring away some design components with the whole system. A big huge mindnumbling labor intensive part of IDS systems are tuning those rules, whats right for one platform is wrong for another. We literally work on them every day, since the environment youre defending is so dynamic and complex.
The rules on gotroot.com are all our rules for all products (including IIS, PSA, etc), 0 day, least-privilege, and many of them completely untested. AFIAK the gotroot rules break PSA application vault packages.
