One component of Starrhost's secure server service is an Apache module called Mod Security (often shortened to just “modsec”). Modsec monitors all incoming HTTP requests for malicious behavior, and does not complete requests that meet certain criteria. These criteria are spelled out in what are called “rules” or “rulesets” set by the server administrator.

In an ideal world, only malicious requests would be caught in modsec’s trap. Unfortunately, there are some instances where legitimate requests are stopped as well. How do we determine that this is what happening, and what can we do about it?

Modsec errors usually appear on a web page as either 400- or 500-level HTTP status codes. If you see a such an error on your site, the next step is to search the server’s error logs for more information on which rule is blocking the request.

Each line of the error is rather lengthy. The information logged includes the HTTP request that was sent, the line number and ID # of the modsec rule that was triggered, and the IP address of the computer that sent the HTTP request.""

When modsec is triggered by a piece of code that performs a legitimate function of your site, it is best to have that code rewritten so as not to trigger modsec. Each of modsec’s rules catch attacks, so if modsec is treating your site code like an attack, the problem is almost always with what the site code is doing and should be investigated and/or corrected.

Many people don't develop these days and rely on CMS (content management systems) like WordPress or Joomla, etc. If you are not developing a site with your own code, and you use a reputable 3rd-party vendor for your code, you may have to resort to turning off the specific modsec rule that the site triggers. If you choose this route, please contact support and let us know the result of the error by copying and pasting it into a ticket, if you can. While whitelisting modsec rules are beyond the scope of this article, our support team is available to assist you with any modsec errors you may come across.