Vuln mod security disabled

From Atomicorp Wiki
Jump to: navigation, search

This vulnerabilty means that the web application firewall is disabled on your system. This can happen for one of two reasons:

1) The web application firewall was disabled in ASL, check that these two settings are enabled:

https://wiki.atomicorp.com/wiki/index.php/ASL_WAF#MODSEC_ENABLED

https://wiki.atomicorp.com/wiki/index.php/ASL_WAF#WAF_ENGINE

If these settings are enabled, see #2 below.


2) A third party product has disabled the Web Application Firewall on the system.

If the setting above is enabled, then a third party product has disabled the web application firewall on your system. Do not enable modsecurity in third party products, such as controls like cPanel, Plesk and others. These products will cause conflicts and it is not necessary to enable modsecurity in any third party product with ASL.

Please contact your control panel vendor for assistance with disabling modsecurity in their products. Once you do this, you must re-run the ASL installer to repair any damage to your WAF configuration a third party product may cause.

Personal tools