My mod_security experience

About a week ago, I got mod_security installed on one of my cpanel boxes, and slept well, thinking that my phpBB forums would be well protected.

I noticed that upon reboots, my mysql server would not start, and needed me to restart the service.

Today, I get an email with this:

PHP Code:
/etc/cron.hourly/modsecparse.pl:

DBD::mysql::st execute failedLost connection to MySQL server during query at /etc/cron.hourly/modsecparse.pl line 69, <FILEline 11.
DBD::mysql::st execute failedMySQL server has gone away at /etc/cron.hourly/modsecparse.pl line 69, <FILEline 26.
DBD::mysql::st execute failedMySQL server has gone away at /etc/cron.hourly/modsecparse.pl line 69, <FILEline 41. 
I rebooted the server, and restarted mysql, and it seemed fine. I then got the same email about two hours later, and the same thing happened (mysql went down, and held a couple of databases open).

So, I've tracked it down to mod security. I deleted the hourly cron, and commented out three lines in my httpd.conf then restarted apache.

A couple of questions:

1. Do I need to do more to remove mod_security, or is it fine to leave in place, and commented out of httpd.conf (will cpanel update this). I have unchecked "install and keep updated" in the addon section, but have not uninstalled it.

2. Is it better to manually install mod_security, as opposed to using Cpanel install?

3. Any idea what I did wrong? I'd like to use mod_security again, but want to be safe

 

 

 

 

Top