Is ASL subscription rules supported for use in Parallels HSphere http://hsphere.parallels.com/docs/3.5.0 ... /16878.htm they refer to the gotroot mod_security rules which I presume are the free ones, but installing ASL is this the same thing as the mod_sec rules they refer to hence supported or not?

Sorry if I am unclear.

Thanks in advance.

Mark

gotroot is the free ruleset, derived from ASL. They are 90 days delayed.

That looks like Apache 1.x. Is that what hsphere uses, Apache 1? Or does it support Apache 2?

Hi Mike,

Thanks for the reply. Yes - it does support both Apache 1.x and 2.x - my particular web servers are running 2.x as Hsphere can cater for different configs on different servers given its a cluster solution.

As per the HSphere documentation:

"At the moment, the following Gotroot rules are supported (the list may differ for Apache 1.x and 2.x, modsecurity 1.9 and 2.0-2.1 versions):
•apache2-rules
•badips
•blacklist2
•blacklist
•exclude
•jitp
•proxy
•recons
•rootkits
•rules
•useragents"


Kind Regards,

Mark

Thank you for the clarification. So for Apache 2.x the rules should work just fine. ASL should work as well with Hsphere (provided you are using Apache 2.x), but we havent tested hsphere with ASL.

Apache 1.x isnt supported anymore as modsecurity for Apache 1.x was end of lifed many years ago - so I wouldnt recommend anyone use Apache 1.x and modsecurity.

With that said, if you want to just use the gotroot rules, make sure you follow the process for configuring your system at the URL below:

https://www.atomicorp.com/wiki/index.ph ... rity_Rules

Third party implementations/configurations are not supported.

Or, just install ASL:

https://www.atomicorp.com/products/asl.html

Hi Mike,

I'll try it out on my dev cluster - which is basically RHEL with Apache 2.x and let you know how I go.

thanks,

Mark

Any news on this?
I'm also interested in ASL for our HSphere servers.
Thanks,

Hello,
We have 4 Hsphere Web/MySQL servers so we were very interested in finding out if we could run ASL on them.

We implemented a Hsphere test server so that the ASL staff could make the necessary tests on it to see if ASL would run in HSphere servers.

The ASL tech staff determined that Hsphere is incompatible with ASL due to the MySQL server version that Hsphere uses.

This is their answer after completing the tests:
"Just wrapped up the test, it does not look like Hsphere is going to be compatible with ASL. They're using a non-standard mysql install. That would need to be replaced by the one from either centos, or atomic in order to proceed. "

It seems Hsphere allows to change the MySQL server as it is mentioned here:
http://kb.parallels.com/en/111959
But we decided not to go ahead with the change in MySQL version for fear of breaking our servers.

Hope this helps,

Regards,

Rodrigo
CRServers.com