ModSecurity for Apache on a managed hosting server

ModSecurity is a free Web Application Firewall (WAF) that works with Apache, Nginx, and IIS, and can be used to protect web applications from various types of attacks. It includes a flexible rule engine capable of performing simple or complex operations and comes with a Core Rule Set (CRS) containing ready‑made rules for, among other things, SQL injection, cross‑site scripting, trojans, and many other security threats. For Apache, ModSecurity runs as a module, making installation and configuration straightforward.

As a customer with system administration services, we offer you two different options to choose from:

OWASP rules

If you are using Debian as the operating system, it includes rules from the Open Web Application Security Project (OWASP). OWASP is an organization that works to improve security across various software. Their rules are good but somewhat extensive, which means they don’t suit everyone’s needs. For this option, any troubleshooting is limited to disabling the rules because of their breadth. Read more about OWASP.

Your own rules

For those who understand what ModSecurity does, know what threats they want to defend against, and already have a ready‑made configuration file, we can import and activate everything for you. For compatibility reasons, it’s important that you use rules that follow the ModSecurity 3.0 syntax (the exact version we run is 3.0.0‑3). This option requires you to verify that the rules work before asking us to enable them. Our support is limited to installing and activating the rule set; we can’t provide extensive assistance beyond that.

Regardless of which option you choose, we’re pleased that you want to give your web server an extra layer of protection!

Questions?

If you have any questions or concerns about ModSecurity and how to secure your web applications, don’t hesitate to contact us at [email protected] or 0200-23 88 00.

Curious about our popular managed hosting service? Learn more here.