mod_security2 is a web application firewall (WAF). On certain servers, this module can be added in the Apache Options interface. To learn about adding modules to your VPS or Dedicated server, see our How to Add and Remove Your Apache Modules article.
The Apache modules and Apache Option interface will only appear on compatible servers. If you do not see mod_security2 in the Apache Options interface, it is likely that your server is outdated and not compatible. If you would like to update your server, please contact our support team.
When the mod_security2 module is added on one of our servers, we automatically install it with the OWASP Core Rule Set (CRS). OWASP CRS is a list of rules created for WAFs and protects against a variety of common attacks, like SQL injection, cross-site scripting, and local file inclusion. You can find a full list of common attacks that the OWASP Core Rule Set protects in this OWASP CRS article.
Our installations use the recommended configuration. However, if you require a custom configuration, our support team can assist you.
Enabling mod_security2 can affect site speed and falsely block legitimate traffic. We recommend that you use this module with caution.