A simple question for cPanel server admins.
What is your preferred method of using Free Modsecurity rules provided by Comodo Web Application Firewall, do you prefer deploying them as a cPanel ModSecurity Vendor or you prefer the CWAF Plugin?
And why?
I’m not cPanel admin but as CWAF support team employee would like to show these to methods advantages.
CWAF-plugin is more flexible in settings.
Rules updates could be scheduled by cron-jobs through web-interface and
also it has command-line support that would be useful for some administration tasks.
If our rules are deployed as cPanel ModSecurity Vendor there is no need to register login/password and install CWAF-plugin,
rules could be updated by:
/usr/local/cpanel/scripts/modsec_vendor update --auto
ModSecurity logs (rules work) are visible through web.
Should we disable the vendor version if the cPanel plugin is installed? Will it cause conflicts?
In both causes the same ruleset is used.
There is no need to use our rules as ModSecurity Vendor and with CWAF plugin simultaneously.
File /usr/local/apache/conf/modsec2.conf determines the way our rules are used. This file should be included in httpd.conf