ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.
I'm trying to use mod_security with a large number of vhosts.
What I found out is that Apache refuses to start on a small VM (512 MB) with 20-30 vhosts and mod_security rules loaded per vhost.
Therefore, I've decided to load the rules globally (no memory pressure in that case) and modify them in vhost context with SecRuleUpdateActionById.
Unfortunately, it doesn't work.
I've tried loading modsecurity_crs_35_bad_robots.conf in global context and then allow it to bypass the traffic (but still logging the violators) with the following rule in vhost context:
SecRuleUpdateActionById 990012 "allow"
It has no effect and bad robots are still blocked.
Is it a bug or a feature?