Released 2x Web Application Firewall for xenforo

DareSec

Inforc3r
Staff member
Administrator
Moderator
S.V.I.P Member
Collaborate
Registered
Joined
May 25, 2019
Messages
1,372
Points
523

Reputation:

OWASP (free)
OWASP ModSecurity Core Rule Set is very restrictive and might block some functions (for example, file sharing, webmail) and some features of web applications (for example, WordPress plugins).

Comodo (free)
Free ModSecurity Rules from Comodo. They provide basic protection.

Atomic Advanced (bought from Atomicorp)
Advanced ModSecurity Rules by Atomicorp include Atomic Standard rules plus a number of advanced features.

Which one is good? which doesnot create any problem error log

i am using plesk
 

boo

Well-known member
Registered
Joined
Aug 29, 2019
Messages
54
Points
28

Reputation:

OWASP (free)
OWASP ModSecurity Core Rule Set is very restrictive and might block some functions (for example, file sharing, webmail) and some features of web applications (for example, WordPress plugins).

Comodo (free)
Free ModSecurity Rules from Comodo. They provide basic protection.

Atomic Advanced (bought from Atomicorp)
Advanced ModSecurity Rules by Atomicorp include Atomic Standard rules plus a number of advanced features.

Which one is good? which doesnot create any problem error log

i am using plesk
DareDevilI believe modsecurity isn't needed for xenforo and if you Google this at their site you will see most people disable it.

That being said I do use it and theres already default rules exceptions provided https://github.com/SpiderLabs/owasp-modsecurity-crs/blob/v3.3/dev/rules/REQUEST-903.9006-XENFORO-EXCLUSION-RULES.conf you will need to use friendly url and activate REQUEST-903.9006-XENFORO-EXCLUSION-RULES.conf

Even with the exceptions above enabled I've added many manually myself and its a daily task checking the error logs.
 
Top