Integration of CSF and Mod_security

JPa_SK · September 11, 2022, 10:15pm

Hello friends from Interworx and all customers,

I am a long-term user of your Interworx control panel and I am very satisfied with it, especially with the possibility of managing multiple servers and the flexibility of controlling which server will respond to which service.
Also, your customer support is very good.

Unfortunately, in the times of a large number of Internet attacks on web servers, it would be most appropriate to consider integrating the CSF firewall and the apache module mod_security(WAF) into your Inerworx control panel. To both parts = Nodeworx and Siteworx.

An example of how others have done it can be found in CWP- http://control-webpanel.com, where it is very well done, both for the admin and the customer. Unfortunately, they lack multi-server administration and their support is not as good as yours.

I therefore ask you to reevaluate the priority for new services and features that you are going to add to your Interworx CP product.

We would very much like to continue to be your customers, but we lack more security support in the control panel

I believe that your other customers will also appreciate these services.

Thank you

Sincerely

Juraj

d2d4j · September 12, 2022, 5:25am

Hi

APF can be changed easily to CSF and works lovely. It was made by config server and is free

I would also buy CXS from config sercers

I always thought mod security was active in Apache

Many thanks

John

IWorx-Jenna · September 12, 2022, 12:33pm

Hello–

I responded to the ticket that you also submitted with this request, but figured it would be worth providing what I said, here, as well:

Thank you for your suggestions. As it is an outside, third party product, there are no plans to natively integrate CSF. However, it can be used without issue with InterWorx. Many customers, including our parent company, use ConfigServer’s CSF plugin that they developed for InterWorx. You always have the option to install and enable it on your servers.

modsec can also be used without issue with Interworx, we just don’t directly maintain or provide rules for it. It is in use on many customer’s servers, so that is also something you have the option to enable on yours.

I’ll create feature requests for both of these options, just tempering expectations on whether they will be accepted.

Thanks,
-Jenna

JPa_SK · September 12, 2022, 5:31pm

Hi @d2d4j - John and @IWorx-Jenna - Jena.

I know all the required systems , CSF, CXS, mod_security …
I have been using these systems (scripts) for many years, so we know how to use them and how to control and configure them.
Using the CLI is cumbersome and unusable for many ordinary end customers.

We don’t need the integration for us admins, we need them for our customers, specially mod_security…

Many of our customers are not very familiar with the technology of web hosting and other cyber security tools…

And for example WAF - mod_security must also be managed by customers.

We use them on our CWP servers (single web hosting) … for government websites …
In our case, WAF is very useful for hosting Wordpress sites …

These sites were even tested by penetration testers of the Government pentest team and without any findings or problems.

WAF on websites is set very paranoid, even to the point that if
the user wants to add an article to the wordpress website, he has to turn off WAF for a while, and after finishing editing and inserting, he has to turn WAF back on.

And such a mode of work requires the integration of mod_security (but also a firewall) into the webhosting control panel. It makes it easier for less knowledgeable customers.

Try to get inspired by the CWP control panel…

We really like the IWX control panel, especially the SUPPORT that your company provides and how it provides.

But there are things that are starting to become necessary these days.
Believe that the integration of CSF, mod_security and certainly other tools to increase cyber security …

We also believe that in certain cases a change of plans can bring greater benefit and perhaps even success.

Maybe we are very paranoid, but it is certainly better than neglecting this.

We wish you a lot of strength for further innovations of your control panel.

We will be happy to help you in this if necessary.

Juraj
CEO

IWorx-Jenna · September 12, 2022, 6:55pm

Hello–

We are beholden to a parent company, so we don’t really have a lot of say as to where our focus is for new features. Especially as there are methods already in place for customers to use these third party systems.

A feature request has been logged, though. Thank you for your suggestion.

Thanks,
-Jenna

JPa_SK · September 13, 2022, 5:01pm

Hi Jenna,
I fully understand, but i think parent company must see and must understand, that cyber security of customers web sites must be priority Nr.1.

Bye Juraj

JPa_SK · September 13, 2022, 5:12pm

Hi Jenna,
please where is it possible to download “ConfigServer’s CSF plugin for InterWorx”
We would like to use it.

may be Parent company can develop plugin for Mod_security, for both interfaces, Nodeworx and Siteworx…
It would be very nice and usefull.
Thanks Juraj

IWorx-Jenna · September 13, 2022, 6:30pm

Hello–

Our parent company uses the CSF plugin and mod_security in the way it is currently offered. Their sites are already protected with the current offerings/procedure, so there is no hurry to change this method.

They are more interested in us finishing development for AlmaLinux/Rocky 8 and 9 support. That is the primary driving focus of development at this time. We are only a 7 person team, including myself. There are not a lot of resources to spare to suddenly divert attention at this time to making an interface for outside features that can already be used in conjunction with InterWorx. Again, your feature requests have been logged.

The CSF plugin the ConfigServer developed is on their website: ConfigServer Security & Firewall (csf)

Thanks,
-Jenna