Mod Security and Perl Scripts

[_Paz_]

Anyone here know anything about Mod Security?

I have a Perl script running on my site. Used to be fine, before my BlueScreen and reinstallation of OS. Now, as admin, I haven't been able to make changes on the "Settings" page, until today. The author of the script and I have been working without success until he suggested I have my website host make some modifications.

It's fixed now, but by having Mod Security turned OFF.

Anyone know how vulnerable this will make my site?

thanks,

Paz

[Bob]

That's difficult to say. It will depend entirely on how Mod Security was configured.

Mod Security is an open source Web Application Firewall. By itself, Mod Security doesn't do anything. It provides the tools to inspect inbound and outbound web traffic and provides a means to write rules to control the traffic. The rules are what provides the security. Mod Security does have a free core set of rules and there are companies that provide rules for a fee. It's entirely up to the web server provider as to whether or not they will incorporate any of them. Many leave that entirely up to the web site administrator. This is something you will need to discuss with your web site service provider.

It certainly sounds like there is a rule blocking access to your settings page. Perhaps reinstalling the OS changed something in your system that the rule is using to authenticate your access to the page. If your provider has Mod Security logging turned on, it should have logged an entry for the failed attempt and that may identify the rule. Once you know the specific rule, you should be able to determine whether it's something you can take care of on your computer or whether the rule needs to be modified.

[_Paz_]

If your provider has Mod Security logging turned on, it should have logged an entry for the failed attempt and that may identify the rule. Once you know the specific rule, you should be able to determine whether it's something you can take care of on your computer or whether the rule needs to be modified.

Yes! What a simple, but ingenious solution! Thank you!

I have learned that the only this one - of my subdomains - will have ModSecurity removed. This is an image upload script that requires visitors to join, using captcha code plus email verification for them to become members. All financial transactions will be on a different subdomain, that has a different script running on it.

The fact that the $$$ side will still have more protection relieves my concerns a great deal, but I will definitely check with my web host to see if they can figure out anything via a particular failure code.

Thanks, Bob! You're the best!

[_Paz_]

Update:

After several emails back and forth this afternoon, turning ModSecurity on and off and with my webhost "white listing" all the problems, they said there were so many it would be better to simply turn it off. They said the company they get their version of ModSecurity from has constant updates based on latest threats, that the threats and updates are always changing.

I've also found some companies that offer ModSecurity that I could pay a monthly fee for myself. I have not asked my web host if that would work with in their service or not, but it seems that would be likely to keep me busy all the time, so since there are no financial transactions involved, just the possible destruction of my site, I asked them to keep it off and I'll hope the hoops in the script itself keep hobgoblins out.

Bob, once again, thanks for you help. You have a marvelous ability to explain technical things in a way I can understand.

Paz