Keeping our websites secure is one of the most important and challenging topics of all time. This article will cover the 'mod_security' module and whether or not you should consider using it on your server(s)/website(s).
ModSecurity is a toolkit for real-time web application monitoring, logging, and access control. I like to think about it as an enabler: there are no hard rules telling you what to do; instead, it is up to you to choose your own path through the available features. That's why the title of this section asks what ModSecurity can do, not what it does.
That is a general overview. Breaking it down a little further, mod_security is an Apache module (or extension) specifically designed to protect your website(s) from malicious activity.
The mod_security module alone (without rulesets) doesn't protect your websites at all. It requires adding ruleset(s) to the configuration. Each ruleset has custom attributes and 'triggers' that define what mod_security should consider malicious activity.
Rulesets are required for mod_security to function properly. SpiderLabs has teamed with OWASP (Open Web Application Security Project) to develop a 'generic' list of rulesets that gives mod_security out-of-the-box functionality.
You can, of course, write your own rulesets or purchase custom licensed rulesets. A quick Google search can provide relevant listings.
Please reference our installation articles: Installing mod_security on my cPanel server?
If uncertain, consult your developer before enabling!
Now, this is a difficult question. *IF* you are able to confirm that your rulesets do not interfere with your website's functionality, there is no reason not to use mod_security. However, if your website requires numerous custom POST requests, mod_security will most likely interfere with your website's core functionality and should be avoided.
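
To make the 'attributes' and 'triggers' of a rule concrete, and to show one way of confirming that a ruleset does not interfere with a site before it starts blocking, here is an added example that is not taken from our installation articles or from the OWASP rulesets. The rule id, message and the `/admin/editor` path are hypothetical, and it assumes ModSecurity 2.x loaded into Apache as `security2_module`.

```apache
<IfModule security2_module>
    # Testing mode: rules are evaluated and matches are logged,
    # but no request is blocked. Switch to "On" once the logs show
    # no matches on legitimate traffic.
    SecRuleEngine DetectionOnly

    # Let rules inspect POST bodies, not just URLs and headers.
    SecRequestBodyAccess On

    # Anatomy of a rule:  SecRule VARIABLES "OPERATOR" "ACTIONS"
    #   VARIABLES  what to inspect (ARGS = all request parameters)
    #   OPERATOR   the trigger (a case-insensitive regex here)
    #   ACTIONS    the attributes: unique id, processing phase,
    #              transformations, log message, and what to do on a match
    # The id below is a hypothetical value for a locally written rule.
    SecRule ARGS "@rx (?i)<script" \
        "id:10001,phase:2,t:none,t:urlDecodeUni,log,deny,status:403,msg:'Script tag in request parameter'"

    # If testing shows this rule matching legitimate POST requests on
    # one path (hypothetical path below), switch off that single rule
    # for that path instead of disabling mod_security for the whole site.
    <LocationMatch "^/admin/editor">
        SecRuleRemoveById 10001
    </LocationMatch>
</IfModule>
```

While the engine is in `DetectionOnly`, each match is written to the Apache error log with the rule's `id` and `msg`, which is what you review before enabling blocking.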