The OWASP (Open Web Application Security Project) ModSecurity™ CRS (Core Rule Set) is a set of rules that Apache’s ModSecurity™ module can use to help protect your server. While these rules do not make your server impervious to attacks, they greatly increase the amount of protection for your web applications.
Why should I use the OWASP ModSecurity rule set?
Protection from insecure web application design — ModSecurity rule sets can provide a layer of protection for web applications such as WordPress, phpBB, or other types of web applications. It can potentially protect against vulnerabilities in out-of-date web applications that your customers have not patched. If the developer of an application makes a security mistake, ModSecurity may block a security attack before it can access the vulnerable application.
Protection against operating system level attack — ModSecurity rule sets can protect against attacks that exploit the operating system of your server. For example, in 2014, there was a security flaw in the Bash shell program that linux servers use. Security experts created ModSecurity rules to disallow the use of the exploit thought Apache. Server administrators took advantage of these ModSecurity rules and added additional security to their system until the release of a security patch for Bash shell.
Protect against generalized malicious traffic — Some of the security threats that server administrators face may not directly attack a program or application on your server. DoS (Denial of Service) attacks, for example, are common attacks. It is possible to reduce or mitigate the impact of such malicious traffic through the use of ModSecurity rules.
What are the risks?
As with any mechanism that blocks web traffic, there is the risk that the rules could block legitimate traffic (false positives). While both OWASP and cPanel, Inc. aim to curate the OWASP rule set to reduce the potential for false positives, there is a risk that the rule set may block legitimate traffic. Review the ModSecurity Tools ( Home >> Security Center >> ModSecurity™ Tools ) interface routinely to evaluate the traffic that the rule set blocks and whether these blocks affect legitimate users.
How do I use the OWASP ModSecurity rule set?
Select the ModSecurity (mod_security) Apache module when you use EasyApache (Apache Update) interface ( Home >> Software >> EasyApache (Apache Update) ). After you install the ModSecurity Apache module, use the ModSecurity Vendors interface ( Home >> Security Center >> ModSecurity™ Vendors ) to install the OWASP rule set. When you enable the configuration files, the rules become active. To review the logged notifications and blocked traffic from these rules, use the ModSecurity Tools interface ( Home >> Security Center >> ModSecurity™ Tools ).
Configuration files
The OWASP ModSecurity CRS uses configuration files that contain the rules that help protect your server. These configuration files group similar rules together to make them easier to manage.