Welcome to the JaguarPC Community
JaguarPC
Sales: (888) 338-5261
Support: (888)-551-3050
Results 1 to 3 of 3

This is a discussion on mod_security in the General Hosting and Network Support forum
Is mod_security something I should configure on my VPS? I have CSF installed, but it recommends mod_security. Is there any drawback or potential problems with ...

  1. 12-02-2011, 06:25 PM #1
    gohighvoltage
    gohighvoltage is offline
    Voluntarily Retired gohighvoltage's Avatar
    Join Date
    Jan 2011
    Posts
    641

    mod_security

    Is mod_security something I should configure on my VPS? I have CSF installed, but it recommends mod_security.

    Is there any drawback or potential problems with installing mod_security?

    Is it worth installing? How is it different from CSF?
    Thanks!
    High Voltage Computer Repair Service
    GoHighVoltage Computer Repair forum
    GoHighVoltage Business and Web Directory
    High Voltage Remote Computer Repair Service
    Reply With Quote Reply With Quote
  2. 12-02-2011, 11:04 PM #2
    Jamsori
    Jamsori is offline
    JPC Member
    Join Date
    Nov 2011
    Location
    Australia
    Posts
    21
    mod_security is an Apache module that blocks code that can be used to exploit your web server. It's different in the aspect that CSF + LFD check logins, ports and network connections, whereas mod_security checks web scripts and pages for code that can cause issues.

    I highly recommend using it with the Gotroot rules here: mod_security rules : Got Root - the free rules are really good, but obviously 90 days outdated, which may or may not be seen as an issue by you. The link on that page is broken, so go here: Atomicorp

    The only drawback is that the default rules cause issues with some scripts. The gotroot rules are much better in this regard, but may still have the odd issue. You can block problem rules using this free cPanel plugin by the developers of CSF: ConfigServer ModSecurity Control

    Is it worth installing? I can't believe you haven't been using it.
    Reply With Quote Reply With Quote
  3. 12-03-2011, 04:40 PM #3
    gohighvoltage
    gohighvoltage is offline
    Voluntarily Retired gohighvoltage's Avatar
    Join Date
    Jan 2011
    Posts
    641
    Quote Originally Posted by Jamsori View Post
    mod_security is an Apache module that blocks code that can be used to exploit your web server. It's different in the aspect that CSF + LFD check logins, ports and network connections, whereas mod_security checks web scripts and pages for code that can cause issues.

    I highly recommend using it with the Gotroot rules here: mod_security rules : Got Root - the free rules are really good, but obviously 90 days outdated, which may or may not be seen as an issue by you. The link on that page is broken, so go here: Atomicorp

    Thank you Jamsori. I guess I should install it. I just didn't want to cause any issues with vbulletin, etc. sounds like a good thing to have!


    The only drawback is that the default rules cause issues with some scripts. The gotroot rules are much better in this regard, but may still have the odd issue. You can block problem rules using this free cPanel plugin by the developers of CSF: ConfigServer ModSecurity Control

    Is it worth installing? I can't believe you haven't been using it.



    Thank you Jamsori. I guess I should install it. I just didn't want to cause any issues with vbulletin, etc. sounds like a good thing to have!
    High Voltage Computer Repair Service
    GoHighVoltage Computer Repair forum
    GoHighVoltage Business and Web Directory
    High Voltage Remote Computer Repair Service
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules