Enabling ModSecurity (Updated)

For years, I’ve not used ModSecurity for any of my own sites. Way back when I first tried ModSecurity, there were just too many false positives, so I stayed away from it, opting instead to develop my own fast Apache/.htaccess firewall. But my web host now is telling me that ModSecurity is required on all of their managed VPS plans. I would have left and moved my sites to another web host, but after some thought realized that it would […]


This content originally appeared on Perishable Press and was authored by Jeff Starr

For years, I’ve not used ModSecurity for any of my own sites. Way back when I first tried ModSecurity, there were just too many false positives, so I stayed away from it, opting instead to develop my own fast Apache/.htaccess firewall. But my web host now is telling me that ModSecurity is required on all of their managed VPS plans.

I would have left and moved my sites to another web host, but after some thought realized that it would take less time (hopefully) to enable and test ModSecurity than it would to relocate all of my sites to a new server. So, finally pulled the trigger and enabled ModSecurity on most of my sites. This article is simply a summary of the experience, and will be updated with any found bugs or false positives, etc.

Enabling ModSecurity

My web host provides Plesk as the server control panel, which makes it simple to enable (or disable) ModSecurity as needed. After checking the box and choosing some basic options, I mindfully clicked the “save changes” button and immediately went to check all of my domains..

All smooth so far..

After some time checking my sites, everything seems to be running smoothly. No problems so far, will keep my eye on it and report back with any issues.

Update 6 months later

Very happy to report that everything continues going smoothly with ModSecurity. I actively inspect the site’s access and error logs to keep a close eye on traffic. Turns out that ModSecurity is indeed blocking some bad requests, and working great together with 7G Firewall with no false positives or other issues.

Update another 3 months later

Still going good no issues or false positives after almost a year of enabling ModSecurity. And here I thought this was going to be interesting, lol.



This content originally appeared on Perishable Press and was authored by Jeff Starr


Print Share Comment Cite Upload Translate Updates
APA

Jeff Starr | Sciencx (2022-01-30T19:26:34+00:00) Enabling ModSecurity (Updated). Retrieved from https://www.scien.cx/2022/01/30/enabling-modsecurity-updated/

MLA
" » Enabling ModSecurity (Updated)." Jeff Starr | Sciencx - Sunday January 30, 2022, https://www.scien.cx/2022/01/30/enabling-modsecurity-updated/
HARVARD
Jeff Starr | Sciencx Sunday January 30, 2022 » Enabling ModSecurity (Updated)., viewed ,<https://www.scien.cx/2022/01/30/enabling-modsecurity-updated/>
VANCOUVER
Jeff Starr | Sciencx - » Enabling ModSecurity (Updated). [Internet]. [Accessed ]. Available from: https://www.scien.cx/2022/01/30/enabling-modsecurity-updated/
CHICAGO
" » Enabling ModSecurity (Updated)." Jeff Starr | Sciencx - Accessed . https://www.scien.cx/2022/01/30/enabling-modsecurity-updated/
IEEE
" » Enabling ModSecurity (Updated)." Jeff Starr | Sciencx [Online]. Available: https://www.scien.cx/2022/01/30/enabling-modsecurity-updated/. [Accessed: ]
rf:citation
» Enabling ModSecurity (Updated) | Jeff Starr | Sciencx | https://www.scien.cx/2022/01/30/enabling-modsecurity-updated/ |

Please log in to upload a file.



There are no updates yet.
Click the Upload button above to add an update.

You must be logged in to translate posts. Please log in or register.

Related Posts