[ Thanks to Andrew
Weber for this link. ]
“Tip #1: Develop A Basic Understanding of ModSecurity
Go to the modsecurity.org website, download and read the
documentation. Once that is done you need to know how to find a
policy number.“1. Locate a Policy
The rules will be located in the directory you create, probably
named modsecurity, and in that directory will be a list of rules.
These Core Rules provide generic protection from many unknown
vulnerabilities. You will not want to modify the Core Rules, except
to turn them on, as when you update you will erase your settings.
There are two files that have been created to create custom rules.
The first is the modsecurity_crs_15_customrules.conf which lists
rules that have been tested for your site and are working
effectively. The second is a bailout ruleset, in other words, if
you cannot get something to work you can place it in the
modsecurity_crs_65_temporary.conf until you can get it fixed. For
example, if you need to run ModSecurity but cannot get a specific
rule to work you can disable it in this file until you can get it
working.“You can see that the file represent different kinds of rules.
The 10_config provides the basic configuration and this is the file
that you will use to turn on ModSecurity rules. The collection of
rules provide protection for your web server, detects and protects
against bots, crawlers,scanners, it detects and protects against
trojans and limits error messages that will provide too much
information to attackers.”
Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.
LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.
Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.