We extended nine-manage-hosts to give you the opportunity to use mod_security on specific vhosts in specific modes in order to keep your web server safe and secure.
mod_security is the implementation of the OWASP rule set for the apache web server. It acts as an application firewall and filters requests that aim for XSS, SQL injections and similar harmful requests.
We are using the mod_security “core rule set” on our servers.
All managed servers have the required module installed. In order to not disrupt any services, we decided to deactivate mod_security by default. This applies to creating new vhosts and changing existing ones.
To activate the filtering you can use nine-manage-vhosts. There are three options for mod_security you can choose from:
As it is already implemented, you can manage it on your own, depending on the specific needs for your websites or vhosts. You can also combine mod_security with your existing Let´s Encrypt implementation.
You would like to know more? Use our support article to see the full documentation about mod_security.
Never miss an update from our engineers