
# ModSecurity for Apache on a managed hosting server

***

ModSecurity is a free Web Application Firewall (WAF) that works with Apache, Nginx, and IIS, and can be used to protect web applications from various types of attacks. It includes a flexible rule engine capable of performing simple or complex operations and comes with a Core Rule Set (CRS) containing ready‑made rules for, among other things, SQL injection, cross‑site scripting, trojans, and many other security threats. For Apache, ModSecurity runs as a module, making installation and configuration straightforward.

If you are a customer with system administration services, we offer you two options to choose from:

## OWASP rules

If you run Debian as the operating system, the distribution includes rules from the Open Web Application Security Project (OWASP). OWASP is an organization that works to improve security across various software. Their rules are good but somewhat extensive, which means they don’t suit everyone’s needs. Because of that breadth, any troubleshooting for this option is limited to disabling the rules. Read more [about OWASP](https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project).

## Your own rules

For those who understand what ModSecurity does, know what threats they want to defend against, and already have a ready‑made configuration file, we can import and activate everything for you. For compatibility reasons, it’s important that you use rules that follow the ModSecurity 3.0 syntax (the exact version we run is 3.0.0‑3). This option requires you to verify that the rules work before asking us to enable them. Our support is limited to installing and activating the rule set; we can’t provide extensive assistance beyond that.

Regardless of which option you choose, we’re pleased that you want to give your web server an extra layer of protection!

## Questions?

If you have any questions or concerns about ModSecurity and how to secure your web applications, don’t hesitate to contact us at <support@glesys.se> or 0200-23 88 00.

Curious about our popular managed hosting service? Learn more [here](https://glesys.com/services/managed-hosting).


