To get you the security you need right away, our implementation of ModSecurity aims to make an otherwise involved task easy to set up. You have access to two modes:

  • DetectionOnly
  • On

By default, your cachoid’s ModSecurity configuration is set to DetectionOnly. The reasoning is that ModSecurity rules can be heavily intrusive, break your website, and inadvertently make it unreachable. So we give you the chance to work your way from DetectionOnly to On while familiarizing yourself with the settings.

DetectionOnly mode shows you how ModSecurity would process web transactions if it were On, and whether a web transaction would be construed as safe or malicious (blocked). So use DetectionOnly mode to get a feel for ModSecurity rules and to see whether a certain rule unintentionally breaks your website. If any rule breaks your website, you can exclude that rule via the Cachoid interface. Keep in mind that not all rules that generate a block are to be excluded; ModSecurity triggers can reveal flaws in your software. In that case, good practice is to address the flaw rather than get in the habit of blindly excluding rules. Right now, SecRequestBodyAccess is set to Off, so ModSecurity does not inspect request bodies; this gives the backend a chance to do its own scrubbing of POST parameters.
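
One way to review DetectionOnly results before excluding anything, as an added example that is not Cachoid’s own code: the script tallies, per rule ID, how often the rule fired and across how many URIs and clients. It assumes the ModSecurity messages are available as Apache-style error-log lines with IPv4 clients; the sample lines and the summarize and review_list names are constructed for illustration.

```python
import re

# Constructed sample lines in ModSecurity 2.x error-log style (not real traffic).
SAMPLE_LOG = '''\
[client 203.0.113.5] ModSecurity: Warning. detected SQLi using libinjection. [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [severity "CRITICAL"] [uri "/search"]
[client 198.51.100.7:40112] ModSecurity: Warning. Pattern match at ARGS:title. [id "941100"] [msg "XSS Attack Detected via libinjection"] [severity "CRITICAL"] [uri "/wp-admin/post.php"]
[client 198.51.100.7:40113] ModSecurity: Warning. Pattern match at ARGS:title. [id "941100"] [msg "XSS Attack Detected via libinjection"] [severity "CRITICAL"] [uri "/wp-admin/post.php"]
[client 203.0.113.5] ModSecurity: Warning. detected SQLi using libinjection. [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [severity "CRITICAL"] [uri "/product"]
[client 192.0.2.44] ModSecurity: Warning. detected SQLi using libinjection. [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [severity "CRITICAL"] [uri "/search"]
[client 192.0.2.44] AH00128: File does not exist: /var/www/favicon.ico
'''

FIELD = re.compile(r'\[(\w+) "([^"]*)"\]')           # [id "..."], [msg "..."], [uri "..."]
CLIENT = re.compile(r'\[client ((?:\d+\.){3}\d+)')   # IPv4 address, any :port ignored


def summarize(log_text):
    """Group ModSecurity hits by rule ID: message, hit count, URIs, clients."""
    rules = {}
    for line in log_text.splitlines():
        if "ModSecurity:" not in line:
            continue                                  # unrelated server message
        fields = dict(FIELD.findall(line))
        rule_id = fields.get("id")
        if rule_id is None:
            continue                                  # no rule attached to this line
        entry = rules.setdefault(
            rule_id,
            {"msg": fields.get("msg", ""), "hits": 0, "uris": set(), "clients": set()},
        )
        entry["hits"] += 1
        if "uri" in fields:
            entry["uris"].add(fields["uri"])
        client = CLIENT.search(line)
        if client:
            entry["clients"].add(client.group(1))
    return rules


def review_list(rules):
    """Rows of (rule_id, hits, distinct_uris, distinct_clients), busiest rule first."""
    rows = [(rid, r["hits"], len(r["uris"]), len(r["clients"])) for rid, r in rules.items()]
    return sorted(rows, key=lambda row: (-row[1], row[0]))


if __name__ == "__main__":
    for rule_id, hits, uris, clients in review_list(summarize(SAMPLE_LOG)):
        print(f"rule {rule_id}: {hits} hits, {uris} URIs, {clients} clients")
```

A rule that fires from one client on one page used by your own editors is a candidate false positive; a rule that fires from several clients across public URIs deserves a look at the application before any exclusion.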