ModSecurity is an open source, cross-platform web application firewall (WAF) module. Known as the “Swiss Army Knife” of WAFs, it enables web application defenders to gain visibility into HTTP(S) traffic and provides a power rules language and API to implement advanced protections.

It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging, and real-time analysis. ModSecurity commonly installed in conjunction with Apache, an open-source web server. The benefits of using mod_security are numerous and encompass defense from many kinds of web-based attacks including code injection and brute force attacks.

The module is configured to protect web applications from various attacks. ModSecurity supports a flexible rule engine to perform both simple and complex operations. It can potentially block common code injection attacks which strengthens the security of the server. It comes with a Core Rule Set (CRS) which has various rules for cross-website scripting, bad user agents, SQL injection, trojans, session hijacking, and other exploits.

Want to learn more about ModSecurity?
Click here to visit

A web developer must know about ModSecurity for creating secure web applications.

To change the security configurations from the client panel of your CLOUDPOKO hosting account, you must log in to the CWP Control Panel and navigate to the CWP Settings -> Mod Security

In the Mod Security Configuration click on the Actions radio button to turn it ON or OFF for your domain or subdomain. You can also check the IP and edit the configuration rules for each domain and subdomain just by clicking on the options in front of the domain/subdomain name.

We suggest keeping the Mod Security ON for all your domains & subdomains as this adds another layer of security to your tool.