ModSecurity Overview

  1. Enabling ModSecurity on a Webserver:

    • ModSecurity can be enabled on Apache and Nginx web servers within the Enhance cluster. Once enabled, all websites on that server can enable or disable ModSecurity on a per-domain basis.
    • To enable it, go to the server's management page, select Roles > Application > Settings, and toggle ModSecurity on.

  2. ModSecurity Configuration:

    • ModSecurity configurations can be customized per server. By default, the OWASP® ModSecurity Core Rule Set (CRS) is applied.
    • Editing the configuration file should be done cautiously as invalid syntax can break the server, making websites inaccessible. It can be recovered by restoring the file or using the "Reset to default" option.

  3. Enabling/Disabling ModSecurity on a Per Domain Basis:

    • To manage ModSecurity on a specific website, enable it first on the server. Then, on the website’s dashboard, go to Security > ModSecurity, and toggle it on or off for the domain.
Was this answer helpful? 0 Users Found This Useful (0 Votes)

Most Popular Articles

Overview

Overview PHP Containerisation: Enhance isolates each user's website in a separate PHP...
Brute force protection

Brute Force Protection Brute force protection helps secure accounts from login attacks, such as...
Prohibited Domains

Prohibited Domains Enhance allows you to prevent users from creating sites and subdomains with...