ModSecurity Settings for 12.0 Panel

Shoeman

I’ve been testing ModSecurity configurations on my WordPress sites and running into some issues. I'm editing the config at:
/etc/modsecurity.d/modsec.customisations.conf
And restarting NGINX.

With the default settings, enabling ModSecurity prevents me from logging into WordPress. We managed to fix the login issue by disabling SecRuleRemoveById 959100, but then I ran into another problem—I can’t save WordPress posts while ModSecurity is enabled.

Has anyone else encountered this? If so, do you have any ModSecurity rules or custom configurations that work well with WordPress? Any advice would be greatly appreciated!

twest

Oof... Look at old threads, I posted a ton of exclusions needed to get most functions of WP working again. I gave up when it became apparent it was never gonna end finding things to exclude... Literally excluding more of MS than could be left allowed running.

The only really useful thing about it is the gui in the control panel, so you can stick all your Apache configs in there (if you use Apache) lol

Better to just get cpfence (really impressive at this point) or one of the others available. At least then you can offload the effort of excluding/whitelisting things to someone else.

Shoeman

@"twest"
Thank you, I think it may have been some of your threads I was seeing earlier, sounds like it still hasn't been solved. I'm getting closer to what I need, but I'll probably just switch to cpfence. That does look really nice, and more affordable than my server provider can do. I appreciate the response!

8Dweb

@Shoeman I agree with @twest - cpfence has made wp security a breeze on Enhance. We still do some other hardening at the server level, and monitor as much as possible, but already, their product has found several "issues" that our older solution on Plesk missed.

Shoeman

8Dweb Thanks, Im sold on changing to cpFence. I just wasted another hour or so getting close with modsecurity, but its hacky at this point and I can't get uploads to work with wordpress.

I must say im new to cpfence, but it seems great. Is it the same company as enhance?
Do you typically get the multiple server option? To protect the main control panel, and then another license to protect the server that holds the websites?

Thinking I probably only need one license.

rdbf

Shoeman Thanks, Im sold on changing to cpFence. I just wasted another hour or so getting close with modsecurity, but its hacky at this point and I can't get uploads to work with wordpress.

You'll be switching to OpenLiteSpeed though from Nginx. And it will still need the occasional whitelisting of modsecurity rules, but not a lot.

It's either a license per server, or a license for the whole cluster of servers based on the website count.

cPFence

Shoeman I must say im new to cpfence, but it seems great. Is it the same company as enhance?

Thanks for your interest in cPFence! Just to clarify, cPFence is not owned by or affiliated with Enhance, we’re a completely independent company.

8Dweb

Shoeman

I use a multi-server licenses with cPFence.
They are a separate company from Enhance
I utilize it on nearly all the Enhance servers (our bqckup servers are on private-class IP ranges)
In the time I have utilized it, I have only had to whitelist two WAF rules for our clients.

Welcome to Enhance.

Shoeman

rdbf Oh, thats good to know. I was having an issue with openlightspeed on one of my sites. I'll take a look at that issue first. Thanks!