What is Mod Security?
What is Mod Security?
ModSecurity is a web application firewall.
What does it do?
It provides protection from a range of attacks against web applications. Currently 70% of all attacks are now carried out over the web application level.
Why do we use it?
A vital component of a stable shared hosting environment is having a layered security infrastructure. Web application firewalls provide an additional security layer that increases security by detecting or preventing attacks before they reach web applications. The best way to reduce vulnerability is to ensure you keep your software updated to the latest patch.
Can I turn it off?
If your applications are having problems it may be due to ModSecurity rules blocking some functions, in this case it is possible to switch off filtering for that particular domain. To do so place a .htaccess file in the root of the domain (or the applications folder) with the line:
SecFilterEngine Off
If this resolves your problem then ModSecurity was blocking your application. We do not recommend disabling ModSecurity permanently, at this point it is better to find which file(s) are causing the problem and exclude it specifically i.e
SecFilterEngine On
<FilesMatch “(problem_file.php)”>
SecFilterEngine Off
</FilesMatch>
IMPORTANT: Customers on web10.pipeten.co.uk, dweb4.pipeten.co.uk or dweb16.pipeten.co.uk servers should contact support for help with mod_security. Please include the steps to repeat the problem including the URL at which you’re seeing the error, what data you are entering into any forms and web interface usernames or passwords if needed.
