Control Web Panel
Security => CSF Firewall => Topic started by: Bossmanuk on July 12, 2025, 03:52:02 PM
-
Hello Everyone,
I upgraded my version of Modsec to v2.9.11, and CSF has stopped blocking perm 1 into it. After the upgrade, is there anything I need to configure with CSF and the newly upgraded Modsec?
Thanks
BossmanUK
-
Confirm your update procedure was along these lines (no missing steps):
https://starburst.help/control-web-panel-cwp/modsecurity-running-with-control-web-panel/update-modsecurity-to-2-9-11-running-cwp-and-apache-on-almalinux-8-9/
Then install the latest OWASP ruleset:
https://starburst.help/control-web-panel-cwp/modsecurity-running-with-control-web-panel/update-owasp-crs-ruleset-to-4-16-0-running-cwp-and-apache-on-almalinux-8-9/
Then if you are having problems with CSF & LFD:
https://starburst.help/control-web-panel-cwp/modsecurity-running-with-control-web-panel/no-lfd-notifications-and-or-csf-not-blocking-ips-after-upgrading-to-owasp-latest-with-cwp-on-almalinux-8-9/
-
I have followed the instructions on installing the new ruleset, I also have the lastest version installed via CWP7 Pro control panel do I disable the built in ones? As I am not getting the notifications from Modsec to CSF even though I followed the instructions, but I have two OWASP's enabled.
One built in is called OWASP latest and the one I installed from your instructions I am assuming it is seeing OWASP latest as default.
Thanks
BossmanUK
-
You followed the Mod Sec installation/upgrade instructions and are running the OWASP-old setup. (I know it's counterintuitive naming, as you will actually be using the newest ruleset.)
-
I will insert some images which should explain it better
Image 1
https://www.awesomescreenshot.com/image/55468785?key=292a082769213cb3c21f207a540a3566
Image 2
https://www.awesomescreenshot.com/image/55468832?key=180b0fd60322284d46e9f0e543d2e995
Image 3
https://www.awesomescreenshot.com/image/55468860?key=78997c943777062ced2b19253474463c
Thanks
BossmanUK
-
Well right from the 1st screenshot it was started wrong to update ModSec & install the latest OWASP CRS ruleset.
CWP's 'OWASP Latest' is an old outdated version, and not the 'latest'
Uninstall ModSec & start over with 'OWASP old' selected.
Follow the guides at:
https://starburst.help/control-web-panel-cwp/modsecurity-running-with-control-web-panel/update-modsecurity-to-2-9-11-running-cwp-and-apache-on-almalinux-8-9/ (https://starburst.help/control-web-panel-cwp/modsecurity-running-with-control-web-panel/update-modsecurity-to-2-9-11-running-cwp-and-apache-on-almalinux-8-9/)
https://starburst.help/control-web-panel-cwp/modsecurity-running-with-control-web-panel/update-to-owasp-crs-ruleset-running-cwp-and-apache-on-almalinux-8-9/ (https://starburst.help/control-web-panel-cwp/modsecurity-running-with-control-web-panel/update-to-owasp-crs-ruleset-running-cwp-and-apache-on-almalinux-8-9/)
You can change 4.11.0 to 4.16.0
https://starburst.help/control-web-panel-cwp/modsecurity-running-with-control-web-panel/no-lfd-notifications-and-or-csf-not-blocking-ips-after-upgrading-to-owasp-latest-with-cwp-on-almalinux-8-9/ (https://starburst.help/control-web-panel-cwp/modsecurity-running-with-control-web-panel/no-lfd-notifications-and-or-csf-not-blocking-ips-after-upgrading-to-owasp-latest-with-cwp-on-almalinux-8-9/)
-
I have been using this Modsec for years as I installed it when I first installed CWP7Pro. So, as I have 2.9.11 already installed should I just disable OWASP Latest and enable the other one then follow the instructions for the newer ruleset etc?
-
Yes, otherwise CWP seems to get confused.