
What is mod_security and should I use it?

Keeping our websites secure is one of the most important and challenging topics of all time. This article will cover the 'mod_security' module and whether or not you should consider using it on your server(s)/website(s).

What is mod_security?

ModSecurity is a toolkit for real-time web application monitoring, logging, and access control. I like to think about it as an enabler: there are no hard rules telling you what to do; instead, it is up to you to choose your own path through the available features. That's why the title of this section asks what ModSecurity can do, not what it does.

Quoted from modsecurity.org

That is a general overview. Breaking it down a little further, mod_security is an Apache module (or extension) specifically designed to protect your website(s) from malicious activity.

The mod_security module alone (without rulesets) doesn't protect your websites at all. It requires adding ruleset(s) to the configuration. Each ruleset has custom attributes and 'triggers' that define what mod_security should consider malicious activity.

The official mod_security reference manual can be found here: SpiderLabs ModSecurity Reference Manual

Where can I find mod_security rulesets?

Rulesets are required for mod_security to function properly. SpiderLabs has teamed up with OWASP (Open Web Application Security Project) to develop a 'generic' set of rulesets that gives mod_security out-of-the-box functionality.

Their open source ruleset can be downloaded here: owasp-modsecurity-crs
More information regarding their project can be found here: OWASP ModSecurity Core Rule Set Project

You can, of course, write your own rulesets or purchase custom licensed rulesets. A quick Google search can provide relevant listings.

How can I install mod_security?

Please reference our installation articles: Installing mod_security on my cPanel server?

Should I use mod_security?

If uncertain, consult your developer before enabling!

Now, this is a difficult question. *IF* you are able to confirm that your rulesets do not interfere with your website's functionality, there is no reason not to use mod_security. However, if your website requires numerous, custom POST requests, mod_security will most likely interfere with your website's core functionality and should be avoided.
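One way to confirm that a ruleset does not interfere with a site before it blocks anything is to run it in detection-only mode first. The configuration below is an added example, not part of the original article or of any shipped ruleset. It assumes ModSecurity 2.x on Apache; the log path, the rule id 10001, the pattern and the /admin/editor path are constructed for illustration.

```apache
# Added example: constructed values, adjust to your own server.
<IfModule security2_module>
    # Parse request bodies so rules can inspect POST parameters.
    SecRequestBodyAccess On

    # Stage 1: evaluate every rule and log matches, but never block.
    # Browse and test the site in this mode, then review the audit log.
    SecRuleEngine DetectionOnly

    # Only record transactions that matched a rule.
    SecAuditEngine RelevantOnly
    SecAuditLog /var/log/apache2/modsec_audit.log

    # A rule has three parts: what to inspect (ARGS = all request
    # parameters, including POST fields), the trigger (@rx pattern),
    # and the actions to take on a match.
    SecRule ARGS "@rx <script" \
        "id:10001,phase:2,t:none,t:lowercase,deny,status:403,log,\
        msg:'Script tag in request parameter'"

    # If the log shows rule 10001 firing on legitimate POSTs to one
    # endpoint (hypothetical HTML editor here), disable it for that
    # path only instead of turning mod_security off site-wide.
    <Location "/admin/editor">
        SecRuleRemoveById 10001
    </Location>
</IfModule>

# Stage 2: once the audit log shows no false positives on normal
# traffic, switch to blocking mode:
#   SecRuleEngine On
```

In DetectionOnly mode the `deny` action is logged but not enforced, so the audit log shows exactly which requests would have been blocked.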

security/modules-plugins/what-is-mod_security.txt · Last modified: 2018/01/30 17:12 by Daniel P.