User Tools

Site Tools

Action disabled: source

What is mod_security and should I use it?

Keeping our websites secure is one of the most important and challenging topics of all time. This article will cover the 'mod_security' module and whether or not you should consider using it on your server(s)/website(s).

What is mod_security?

ModSecurity is a toolkit for real-time web application monitoring, logging, and access control. I like to think about it as an enabler: there are no hard rules telling you what to do; instead, it is up to you to choose your own path through the available features. That's why the title of this section asks what ModSecurity can do, not what it does.

Quoted from

That is a general overview. Breaking it down a little further, mod_security is an Apache module (or extension) specifically designed to protect your website(s) from malicious activity.

The mod_security module alone (with out rulesets) doesn't protect your websites at all. It requires adding ruleset(s) to the configuration. Each ruleset has custom attributes and 'triggers' of what mod_security should consider malicious activity.

The official mod_security reference manual can be found here: SpiderLabs ModSecurity Reference Manual

Where can I find mod_security rulesets?

Rulesets are required for mod_security to function properly. SpiderLabs has teamed with OWASP (Open Web Application Security Project) for developing a 'generic' list of rulesets for out of the box functionality from mod_security.

Their open source ruleset can be downloaded here: owasp-modsecurity-crs
More information regarding their project can be found here: OWASP ModSecurity Core Rule Set Project

You can, of course, write your own rulesets or purchase custom licensed rulesets. A quick Google search can provide relevant listings.

How can I install mod_security?

Please reference our installation articles. Installing mod_security on my cPanel server?

Should I use mod_security?

If uncertain, consult your developer before enabling!

Now, this is difficult question. *IF* you are able to confirm that your rulesets do not interfere with your websites functionality, there is no reason not to use mod_security. However, if your website requires numerous, custom POST requests, it's most likely mod_security will interfere with your websites' core functionality and should be avoided.

security/modules-plugins/what-is-mod_security.txt · Last modified: 2018/01/30 11:12 by Daniel P.