Tweet
Im using Imunify360 on cPanel without CSF.
Ive been using it for a while and have been getting a lot of false positives in cPanels ModSecurity and I started disabling those rules messing with my websites. I realized this is not the solution (disabling rules).
I found information in the Imunity360 docs that SecRuleEngine should be set to DetectionOnly, which I then realized was not. (Although the docs are a bit unclear on the ModSecurity settings when NOT using CSF)
I changed it in WHM -> ModSecurity Configuration -> Rules Engine = "Process the rules in verbose mode, but do not execute disruptive actions.". Which I guess is "DetectionOnly".
Is this the correct setting for Imunify360 on cPanel without CSF? Is it safe enough?
And also, should I be using CSF together with Imunify360 (since there is so much talk about CSF, also in the docs)?
Ive been using it for a while and have been getting a lot of false positives in cPanels ModSecurity and I started disabling those rules messing with my websites. I realized this is not the solution (disabling rules).
I found information in the Imunity360 docs that SecRuleEngine should be set to DetectionOnly, which I then realized was not. (Although the docs are a bit unclear on the ModSecurity settings when NOT using CSF)
I changed it in WHM -> ModSecurity Configuration -> Rules Engine = "Process the rules in verbose mode, but do not execute disruptive actions.". Which I guess is "DetectionOnly".
Is this the correct setting for Imunify360 on cPanel without CSF? Is it safe enough?
And also, should I be using CSF together with Imunify360 (since there is so much talk about CSF, also in the docs)?
Comment