Please support mod_ruid2 or mod_itk, and Caching, opcache, Apache 2.4, modsecurity
If there are security issues with caching that is understandable but there is a very big performance penalty too. At least allow the admin to configure and take the security risks on a shared host or provide an alternative.
I like this idea 
Hey all! It looks like my update here was lost in our data loss earlier this year. Unfortunately, we were unable to resolve the security issues that caused us concern in this, so we're back to square one on it. If that changes, we'll be back here with more updates.
Hey all! It looks like my update here was lost in our data loss earlier this year. Unfortunately, we were unable to resolve the security issues that caused us concern in this, so we're back to square one on it. If that changes, we'll be back here with more updates.
I'm going through some of our historical requests and wanted to clarify this one a bit. This is currently a limitation in ModSecurity, which isn't managed by cPanel. We have considered getting our hands into it, but we haven't seen enough of a need for us to devote resources to it at this time. Here's a quick breakdown of how one might solve the problems that ModSec has when using any of the per-user MPMs, though we don't have this on our roadmap at this time:
https://forums.cpanel.net/threads/mod-ruid-2-and-modsecurity.385712/page-2#post-1682052
I'm going through some of our historical requests and wanted to clarify this one a bit. This is currently a limitation in ModSecurity, which isn't managed by cPanel. We have considered getting our hands into it, but we haven't seen enough of a need for us to devote resources to it at this time. Here's a quick breakdown of how one might solve the problems that ModSec has when using any of the per-user MPMs, though we don't have this on our roadmap at this time:
https://forums.cpanel.net/threads/mod-ruid-2-and-modsecurity.385712/page-2#post-1682052
This is a fix. @benny - please lets try and solve this. I think it is a very common scenario. see: https://github.com/SpiderLabs/ModSecurity/issues/712#issuecomment-48206694
This is a fix. @benny - please lets try and solve this. I think it is a very common scenario. see: https://github.com/SpiderLabs/ModSecurity/issues/712#issuecomment-48206694
Out of curiosity, has the status of this issue changed with the release of v.58? I did notice that no alerts or notices were thrown in my EA4 instance when installing ITK alongside Modsecurity2 this week...
Out of curiosity, has the status of this issue changed with the release of v.58? I did notice that no alerts or notices were thrown in my EA4 instance when installing ITK alongside Modsecurity2 this week...
I contacted Felipe Zimmerle the lead developer at SpiderLabs who is really open to helping resolve this and collaborate with CPANEL. He wants to know the best developer contact. He is also tracking the issues specifically for CPANEL: https://github.com/SpiderLabs/ModSecurity/labels/CPANEL%20itk . I think you should also connect about modesec 3. I will cross post in forum but please get this in the right hands. I'm doing my best as a customer to help and I think this is a really big issue (ie. people disabling modsec so they can run modruid2 or itk) for the community.
I contacted Felipe Zimmerle the lead developer at SpiderLabs who is really open to helping resolve this and collaborate with CPANEL. He wants to know the best developer contact. He is also tracking the issues specifically for CPANEL: https://github.com/SpiderLabs/ModSecurity/labels/CPANEL%20itk . I think you should also connect about modesec 3. I will cross post in forum but please get this in the right hands. I'm doing my best as a customer to help and I think this is a really big issue (ie. people disabling modsec so they can run modruid2 or itk) for the community.
Hi,
Again, we are not disabling ModSec if they are using RUID2. We are not going to use ModSec 3, because it is not ready for production environments. Once ModSec gets these fixes into public, production ready builds, we will then upgrade.
Hi,
Again, we are not disabling ModSec if they are using RUID2. We are not going to use ModSec 3, because it is not ready for production environments. Once ModSec gets these fixes into public, production ready builds, we will then upgrade.
Hey everyone! We're starting to work on this internally again. Our security team is on top of keeping things done in the most secure way, and our EA team is on top of getting this as usable as possible. Once there's something tangible to share we'll be back!
Hey everyone! We're starting to work on this internally again. Our security team is on top of keeping things done in the most secure way, and our EA team is on top of getting this as usable as possible. Once there's something tangible to share we'll be back!
Hey all! It looks like my update here was lost in our data loss earlier this year. Unfortunately, we were unable to resolve the security issues that caused us concern in this, so we're back to square one on it. If that changes, we'll be back here with more updates.
Hey all! It looks like my update here was lost in our data loss earlier this year. Unfortunately, we were unable to resolve the security issues that caused us concern in this, so we're back to square one on it. If that changes, we'll be back here with more updates.
Replies have been locked on this page!