When Mod Security Attacks

One component of Liquid Web’s Server Secure service is an Apache module called Mod Security (often shortened to just “modsec”). Modsec monitors all incoming HTTP requests for malicious behavior, and does not complete requests that meet certain criteria. These criteria are spelled out in what are called “rules” or “rulesets”.

In an ideal world, only malicious requests would be caught in modsec’s trap. Unfortunately, there are some instances where legitimate requests are stopped as well. How do we determine that this is what is happening, and what can we do about it?
