Mod_Security should not overwrite anything, it only does that when you change a setting like ModSec Rules Profile or Rules ENgine.
It is not mod_security
I mentioned before, it is the CWP Security Daemon that is checking the integrity of the files and overwrites known system files that have unknown edits.
My host (InMotion Hosting) confirmed that to me. Maybe it's their custom security module. I don't know.
The only thing I know is that on a regular basis, my mod_security.conf file would get overwritten with the default "Include:" path creating a chaos on my websites.
I hope this helps.
Yea, CWP doesn't do that... It doesn't even have a 'security daemon'. Only thing CWP does automatically is SSL generation/renewals, and update to the control panel itself.
So the info from InMotion is inaccurate, or is their security module, that I would disable, if it causing problems.
Otherwise we would be having problem with all of our servers. And we are not, and others are not reporting that problem either.
Topic: OWASP CRS v4.15.0 Just Release (Read 1400 times)
