mod_security

mod_security (http://www.modsecurity.org/) is a PITA. We do not recommend its use. However, you may have this module forced on you by your webhost. Please tell us who your webhost is so we can make a list.

mod_security will scan requests in the most "stupid way" and block them if it "thinks" it might be a hacker trying to do something shady. (We ran tests with the OWASP core basic rules and they logged tons of false positives with b2evolution…)

For example, if you want to display a graphic including stats on "admin" vs "public" pages, mod_security might see "admin" in the HTTP request, decide someone is trying to hack the admin account, and block the request. mod_security has configuration files that are 10,000+ lines long. NO ONE gets them right. There are always compatibility problems with some web app / some new version.

If you cannot disable mod_security, ask your host to fix the rules.
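When asking a host to fix the rules, it helps to say exactly which rule blocked which page. The script below is an added example, not part of the b2evolution manual or code: it tallies blocked requests by rule id, URI and matched variable, assuming the Apache error-log format written by ModSecurity 2.x. The log lines, rule ids, paths and host names are constructed placeholders.

```python
import re
from collections import Counter

# Constructed sample lines (placeholder rule ids, not real CRS rules).
SAMPLE_LOG = """\
[Tue Jul 28 23:40:01 2020] [:error] [pid 101] [client 203.0.113.5:50000] ModSecurity: Access denied with code 403 (phase 2). Pattern match "admin" at ARGS:page_type. [file "/etc/modsecurity/example.conf"] [line "10"] [id "1000001"] [msg "Constructed example rule A"] [hostname "blog.example.com"] [uri "/stats.php"] [unique_id "AAA"]
[Tue Jul 28 23:40:07 2020] [:error] [pid 101] [client 203.0.113.9:50001] ModSecurity: Access denied with code 403 (phase 2). Pattern match "admin" at ARGS:page_type. [file "/etc/modsecurity/example.conf"] [line "10"] [id "1000001"] [msg "Constructed example rule A"] [hostname "blog.example.com"] [uri "/stats.php"] [unique_id "AAB"]
[Tue Jul 28 23:41:12 2020] [:error] [pid 102] [client 203.0.113.5:50002] ModSecurity: Access denied with code 403 (phase 2). Pattern match "select" at ARGS:title. [file "/etc/modsecurity/example.conf"] [line "20"] [id "1000002"] [msg "Constructed example rule B"] [hostname "blog.example.com"] [uri "/index.php"] [unique_id "AAC"]
[Tue Jul 28 23:41:30 2020] [:error] [pid 102] [client 203.0.113.5:50003] ModSecurity: Warning. Pattern match "admin" at ARGS:page_type. [file "/etc/modsecurity/example.conf"] [line "10"] [id "1000001"] [msg "Constructed example rule A"] [hostname "blog.example.com"] [uri "/stats.php"] [unique_id "AAD"]
[Tue Jul 28 23:42:00 2020] [php:notice] [pid 103] [client 203.0.113.5:50004] PHP Notice: unrelated line
"""

TAG = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')    # [id "..."], [uri "..."], ...
TARGET = re.compile(r' at ([A-Z_]+(?::\S+?)?)\. \[')   # variable the rule matched

def parse_line(line):
    """Return the fields of one ModSecurity log entry, or None for other lines."""
    if "ModSecurity:" not in line:
        return None
    body = line.split("ModSecurity:", 1)[1]
    tags = dict(TAG.findall(body))
    if "id" not in tags:
        return None
    m = TARGET.search(body)
    return {"id": tags["id"], "uri": tags.get("uri", "?"),
            "msg": tags.get("msg", ""), "target": m.group(1) if m else "?",
            "blocked": "Access denied" in body}  # warnings are logged, not blocked

def summarize(log_text):
    """Count blocked requests per (rule id, uri, matched variable)."""
    hits, msgs = Counter(), {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["blocked"]:
            hits[(rec["id"], rec["uri"], rec["target"])] += 1
            msgs[rec["id"]] = rec["msg"]
    return hits, msgs

def report(log_text):
    """One line per offending rule, most frequent first, to send to the host."""
    hits, msgs = summarize(log_text)
    return [f"{n}x rule {rid} on {uri} (matched {target}): {msgs[rid]}"
            for (rid, uri, target), n in hits.most_common()]

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```
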

Created by fplanque • Last edit by fplanque on 2020-07-28 23:42

Founded & Maintained by François Planque