What is Mod Security?
Mod Security (also known as ‘mod_security’ or ‘modsec’) is an open source Web Application Firewall which is an Apache server module. This firewall will detect pattern behaviour that is suspicious or similar to the behaviour exhibited in scripting attacks.
If Mod Security detects suspicious pattern behaviours, it will then note the incident in logs for future reference; and/or shut down the user process, preventing the affected webpage(s) from being accessed. This is most commonly seen in the form of a 403 Forbidden error to the visitor.
Read about Mod Security in more detail in our blog post.
Diagnosing website faults
You can see if any Mod Security firewall rules are triggering on your hosting service from VIPControl by following these steps:
- Log in to VIPControl.
- Click the My Services link on the top → Hosting from the tabs underneath.
- Click the Manage button on the relevant service.
- Click Mod Security in the left menu.
- Click View All next to Hit Count on this page.
Not all of the Mod Security rules that trigger will affect how your site loads in any way. However, if rules are triggering that are listed here, it’s a great place to start. Please submit an eTicket to our Technical Support team including the exact steps to replicate the 403 Forbidden error (along with any required login credentials for back-end control panels).
While it’s important you update your scripts to the latest developer releases, we have Mod Security in place just in case you forget to keep those up to date or if you simply have a poorly coded script.
For advanced users only
For testing purposes, you can white-list a Mod Security rule via your .htaccess file, using the following code:
Replace the 700001 number in this example with the rule ID you obtained from VIPControl.
After inserting this to your .htaccess file, try to re-encounter your 403 error. If the error no longer shows, you now know it was a Mod Security rule that was causing this for you.
Note: it is not recommended to leave a Mod Security rule disabled on your service as it leaves your website more vulnerable to scripting attacks. The best course of action is resolving the trigger at its root as a permanent solution.