Control Web Panel
Security => Mod_Security => Topic started by: venty on June 16, 2025, 06:17:43 PM
-
Hi,
The OWASP CRS ruleset 4.15.0 was just released .... how to install them???
Thanks in advance!
BR
Venty
-
You can use this guide, just change the version number.
https://starburst.help/control-web-panel-cwp/modsecurity-running-with-control-web-panel/owasp-crs-ruleset-update-to-4-12-0-running-cwp-and-apache-on-almalinux-8-9/ (https://starburst.help/control-web-panel-cwp/modsecurity-running-with-control-web-panel/owasp-crs-ruleset-update-to-4-12-0-running-cwp-and-apache-on-almalinux-8-9/)
-
You can use this guide, just change the version number.
https://starburst.help/control-web-panel-cwp/modsecurity-running-with-control-web-panel/owasp-crs-ruleset-update-to-4-12-0-running-cwp-and-apache-on-almalinux-8-9/ (https://starburst.help/control-web-panel-cwp/modsecurity-running-with-control-web-panel/owasp-crs-ruleset-update-to-4-12-0-running-cwp-and-apache-on-almalinux-8-9/)
Hi,
https://starburst.help/control-web-panel-cwp/modsecurity-running-with-control-web-panel/owasp-crs-ruleset-update-to-4-12-0-running-cwp-and-apache-on-almalinux-8-9
step 5 - Is it okay?
BR
Venty
-
Hi,
Ok, I've done everything for version OWASP CRS v4.15.0, as in these instructions for version OWASP CRS v4.12.0...
https://starburst.help/control-web-panel-cwp/modsecurity-running-with-control-web-panel/owasp-crs-ruleset-update-to-4-12-0-running-cwp-and-apache-on-almalinux-8-9
Please take a look:
https://prnt.sc/wNgzhHlIyj25
https://prnt.sc/6XE5ZHQpmNXU
How can I be sure that the security mod works with version OWASP CRS v4.15.0 of the rules?
Thanks in advance!
BR
Venty
-
Did you follow the initial link at the top of the article and update ModSecurity to 2.9.8?
https://starburst.help/control-web-panel-cwp/modsecurity-running-with-control-web-panel/update-modsecurity-2-9-8-running-cwp-and-apache-on-almalinux-8-9/ (https://starburst.help/control-web-panel-cwp/modsecurity-running-with-control-web-panel/update-modsecurity-2-9-8-running-cwp-and-apache-on-almalinux-8-9/)
From your screen shot, it looks like you stopped somewhere before Step 8.
In your owasp.conf, you want it to have those only those 3 lines listed:
Include /usr/local/apache/modsecurity-rules/owasp-crs/coreruleset-4.12.0/crs-setup.conf
Include /usr/local/apache/modsecurity-rules/owasp-crs/coreruleset-4.12.0/rules/*.conf
Include /usr/local/apache/modsecurity-rules/custom-rules/global_disabled_rules.conf
I can login and do this real quick if you want.
-
Did you follow the initial link at the top of the article and update ModSecurity to 2.9.8?
https://starburst.help/control-web-panel-cwp/modsecurity-running-with-control-web-panel/update-modsecurity-2-9-8-running-cwp-and-apache-on-almalinux-8-9/ (https://starburst.help/control-web-panel-cwp/modsecurity-running-with-control-web-panel/update-modsecurity-2-9-8-running-cwp-and-apache-on-almalinux-8-9/)
From your screen shot, it looks like you stopped somewhere before Step 8.
In your owasp.conf, you want it to have those only those 3 lines listed:
Include /usr/local/apache/modsecurity-rules/owasp-crs/coreruleset-4.12.0/crs-setup.conf
Include /usr/local/apache/modsecurity-rules/owasp-crs/coreruleset-4.12.0/rules/*.conf
Include /usr/local/apache/modsecurity-rules/custom-rules/global_disabled_rules.conf
I can login and do this real quick if you want.
Hi,
To perform the update to 2.9.8, but after installation of mod security and updating to 2.9.8, everything is OK, I have the entry "ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/) configured.", but I also have the entry "ModSecurity: Status engine is currently disabled, enable it by set SecStatusEngine to On."... To perform the update to 2.9.8, but after installation of mod security and updating to 2.9.8, everything is OK, I have the entry "ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/) configured.", but I also have the entry "ModSecurity: Status engine is currently disabled, enable it by set SecStatusEngine to On."... What should I do..?
And then perform all the steps, not only up to step 8, please see:
https://prnt.sc/KeSRfdW2nphb
https://prnt.sc/eXDRn9GCDBlx
https://prnt.sc/FN0twkI-TC-A
https://prnt.sc/dyXLr7rwtqK7
https://prnt.sc/-9TIbLitg9ie
I'm sure you'll do it quickly, but let me struggle, someone figure it out, please ...
BR
Venty
-
I am using Comodo WAF as CWP alerts "We recommend using Comodo WAF rules as they are much simpler and easier for beginners."
Can you please highlight the difference and which option is better?
-
It used to be the better option, but Comodo is in an identity crisis and hasn't updated its definitions since Jan 2024, so it is now effectively dead. Best to go with the OWASP-old which is current. Follow Starburst's guide to update to Mod Security 2.9.8 and then get the latest 4.15 OWASP definitions.
-
Did you follow the initial link at the top of the article and update ModSecurity to 2.9.8?
https://starburst.help/control-web-panel-cwp/modsecurity-running-with-control-web-panel/update-modsecurity-2-9-8-running-cwp-and-apache-on-almalinux-8-9/ (https://starburst.help/control-web-panel-cwp/modsecurity-running-with-control-web-panel/update-modsecurity-2-9-8-running-cwp-and-apache-on-almalinux-8-9/)
From your screen shot, it looks like you stopped somewhere before Step 8.
In your owasp.conf, you want it to have those only those 3 lines listed:
Include /usr/local/apache/modsecurity-rules/owasp-crs/coreruleset-4.12.0/crs-setup.conf
Include /usr/local/apache/modsecurity-rules/owasp-crs/coreruleset-4.12.0/rules/*.conf
Include /usr/local/apache/modsecurity-rules/custom-rules/global_disabled_rules.conf
I can login and do this real quick if you want.
Hi,
To perform the update to 2.9.8, but after installation of mod security and updating to 2.9.8, everything is OK, I have the entry "ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/) configured.", but I also have the entry "ModSecurity: Status engine is currently disabled, enable it by set SecStatusEngine to On."... To perform the update to 2.9.8, but after installation of mod security and updating to 2.9.8, everything is OK, I have the entry "ModSecurity for Apache/2.9.8 (http://www.modsecurity.org/) configured.", but I also have the entry "ModSecurity: Status engine is currently disabled, enable it by set SecStatusEngine to On."... What should I do..?
And then perform all the steps, not only up to step 8, please see:
https://prnt.sc/KeSRfdW2nphb
https://prnt.sc/eXDRn9GCDBlx
https://prnt.sc/FN0twkI-TC-A
https://prnt.sc/dyXLr7rwtqK7
https://prnt.sc/-9TIbLitg9ie
I'm sure you'll do it quickly, but let me struggle, someone figure it out, please ...
BR
Venty
-
Why do you quote your posts that are directly above with nothing new to add?
-
What happened to the configuration I did on your server on 2025-06-27?
Everything was working fine.
ModSecurity 2.9.8 was installed, and so was the OWASP CRS 4.15.0 ruleset.
Your configuration paths aren't showing how they where set.
Include /usr/local/apache/modsecurity-rules/custom-rules/startup/*.conf
Include /usr/local/apache/modsecurity-rules/owasp-crs/coreruleset-4.15.0/crs-setup.conf
Include /usr/local/apache/modsecurity-rules/custom-rules/before/*.conf
Include /usr/local/apache/modsecurity-rules/owasp-crs/coreruleset-4.15.0/rules/*.conf
Include /usr/local/apache/modsecurity-rules/custom-rules/after/*.conf
/modsecurity-rules/custom-rules/before/global_disabled_rules.conf
has rules needed by CWP.
Unless you moved them to the path you are showing now.
Your welcome to tweak things if you want, but just note it's easy to break things in ModSecurity.
-
@venty
I apologize, I'm getting you mixed up with someone else.
-
.............
Your configuration paths aren't showing how they where set.
Include /usr/local/apache/modsecurity-rules/custom-rules/startup/*.conf
Include /usr/local/apache/modsecurity-rules/owasp-crs/coreruleset-4.15.0/crs-setup.conf
Include /usr/local/apache/modsecurity-rules/custom-rules/before/*.conf
Include /usr/local/apache/modsecurity-rules/owasp-crs/coreruleset-4.15.0/rules/*.conf
Include /usr/local/apache/modsecurity-rules/custom-rules/after/*.conf
/modsecurity-rules/custom-rules/before/global_disabled_rules.conf
has rules needed by CWP.
........................
Hi,
Тhank you very much, I understood everything, just one last thing to clarify:
1. The permanent deactivation or bypass of rules happens again in the file global_disabled_rules.conf, which is in /usr/local/apache/modsecurity-rules/custom-rules/before/?
Thanks in advance!
BR
Venty
-
Yes, when you installed Mod_Security under CWP before the modifications, there would have been a file in there called global_disabled_rules.conf.
Just copy that over to /modsecurity-rules/custom-rules/before/
-
@starburst
Installed OWASP CRS Ruleset 4.16.0 as per your guide.
Working fine.
Thank you
-
In order to support an e-commerce site and a service industry site, here's a couple more rules I had to add to the WordPress section of the disabled rules files:
/usr/local/apache/modsecurity-owasp-old/global_disabled_rules.conf
SecRuleRemoveById 981172
SecRuleRemoveById 981319
-
That's very helpful because I plan to update the OWASP rules to the latest version and we are hosting various websites.
Thanks.
-
Hi,
Many thanks to Starburst...., but should I merge the two in the rbl.conf file
https://prnt.sc/9Tp9vbYKVfdk
BR
Venty
-
You can do it anyway you like your system setup.
As long as ModSecurity reads the .conf