Keeping our websites secure is one of the most important and challenging topics of all time. This article will cover the 'mod_security' module and whether or not you should consider using it on your server(s)/website(s).
ModSecurity is a toolkit for real-time web application monitoring, logging, and access control. I like to think about it as an enabler: there are no hard rules telling you what to do; instead, it is up to you to choose your own path through the available features. That's why the title of this section asks what ModSecurity can do, not what it does.
Quoted from modsecurity.org
That is a general overview. Breaking it down a little further, mod_security is an Apache module (or extension) specifically designed to protect your website(s) from malicious activity.
The mod_security module alone (without rulesets) doesn't protect your websites at all. It requires adding one or more rulesets to the configuration. Each ruleset has custom attributes and 'triggers' that define what mod_security should consider malicious activity.
The official mod_security reference manual can be found here: SpiderLabs ModSecurity Reference Manual
Rulesets are required for mod_security to function properly. SpiderLabs has teamed up with OWASP (Open Web Application Security Project) to develop a 'generic' list of rulesets that gives mod_security out-of-the-box functionality.
You can, of course, write your own rulesets or purchase custom licensed rulesets. A quick Google search can provide relevant listings.
Please refer to our installation articles: Installing mod_security on my cPanel server?
If uncertain, consult your developer before enabling!
Now, this is a difficult question. *IF* you are able to confirm that your rulesets do not interfere with your websites' functionality, there is no reason not to use mod_security. However, if your website requires numerous, custom POST requests, mod_security will most likely interfere with your websites' core functionality and should be avoided.
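
To make the 'trigger' idea and the interference check concrete, here is an added configuration sketch (not taken from the original article or from any published ruleset). The rule ID, the pattern and the `/admin/editor` path are assumptions chosen for illustration.

```apache
# Constructed example for ModSecurity 2.x on Apache.
# The rule ID, pattern and path below are assumptions, not a real ruleset.
<IfModule security2_module>
    # DetectionOnly evaluates every rule and logs matches, but does not
    # carry out blocking actions. Run the site's normal workflows in this
    # mode first to see which rules would have fired on legitimate traffic.
    SecRuleEngine DetectionOnly

    # Without this, POST bodies are not inspected at all.
    SecRequestBodyAccess On

    # One "trigger": flag any request parameter that contains a <script tag.
    # Once the engine is switched to On, "deny" returns a 403 instead of
    # only logging the match.
    SecRule ARGS "@rx (?i)<script" \
        "id:10001,phase:2,deny,status:403,log,\
        msg:'Script tag in request parameter'"

    # A form that legitimately posts HTML (hypothetical path) would trip
    # the rule above. Remove that one rule for that one path only, so the
    # rule still applies to the rest of the site.
    <LocationMatch "^/admin/editor$">
        SecRuleRemoveById 10001
    </LocationMatch>
</IfModule>

# After the logs show no matches on legitimate requests, change
# "SecRuleEngine DetectionOnly" to "SecRuleEngine On" to enforce.
```

Scoping the exclusion to a single rule and a single path keeps the rest of the ruleset active, which is usually a better trade-off than disabling mod_security for the whole site.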