mod_security rules to exclude WordPress

Holah

Today I installed mod_security and opened InterWorx for some of my users to test.
The first query was that WordPress was not functioning correctly, and after looking at the logs, it looks like mod_security might be affecting some functions.

Is there a rule that I can use that can exclude, let’s say for instance, wp-admin?

It’s not recommended at all in the hosting industry to use Mod_Security now as it’s outdated and not supporting 5.4+. Someone has made a new version of it, but it’s not recommended to use.

Eish … I had already installed mod_security and mod_evasive as per the Techmint tutorial.

So, does this mean I have to remove it? Although it seems to be working so far.

I tested it using LOIC and it managed to block it within a minute, causing a server load of 70%.

The rule I found is:

<Directory "/var/www/wp-admin">
<IfModule security2_module>
SecRuleEngine Off
</IfModule>
</Directory>
It seems to work so far …
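
Added example, not part of the original post: instead of switching the engine off for all of wp-admin, this sketch reads the ModSecurity denials from the Apache error log and emits a URL-scoped block that removes only the rules that actually fired there. The log lines and rule ids are constructed, WordPress is assumed to be served at the site root (so the admin area is `/wp-admin/`), and `blocked_rule_ids` and `exclusion_block` are hypothetical helper names.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of ModSecurity 2.x messages in the Apache
# error log; the rule ids and client addresses are made up.
SAMPLE_LOG = """\
[error] [client 203.0.113.5] ModSecurity: Access denied with code 403 (phase 2). [id "100001"] [msg "constructed A"] [uri "/wp-admin/post.php"]
[error] [client 203.0.113.5] ModSecurity: Access denied with code 403 (phase 2). [id "100002"] [msg "constructed B"] [uri "/wp-admin/admin-ajax.php"]
[error] [client 203.0.113.5] ModSecurity: Access denied with code 403 (phase 2). [id "100001"] [msg "constructed A"] [uri "/wp-admin/post.php"]
[error] [client 198.51.100.9] ModSecurity: Access denied with code 403 (phase 2). [id "100003"] [msg "constructed C"] [uri "/xmlrpc.php"]
[error] [client 203.0.113.5] ModSecurity: Warning. Pattern match. [id "100004"] [msg "constructed D"] [uri "/wp-admin/index.php"]
"""

ID_RE = re.compile(r'\[id "(\d+)"\]')
URI_RE = re.compile(r'\[uri "([^"]*)"\]')


def blocked_rule_ids(log_text, prefix="/wp-admin/"):
    """Map rule id -> sorted URIs for requests ModSecurity denied under prefix."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        if "ModSecurity: Access denied" not in line:
            continue  # warnings and unrelated errors did not block the request
        rule, uri = ID_RE.search(line), URI_RE.search(line)
        if rule and uri and uri.group(1).startswith(prefix):
            hits[rule.group(1)].add(uri.group(1))
    return {rid: sorted(uris) for rid, uris in sorted(hits.items())}


def exclusion_block(hits, location="/wp-admin/"):
    """Render an Apache block that removes only the listed rules for location."""
    out = ['<Location "%s">' % location, "  <IfModule security2_module>"]
    for rid, uris in hits.items():
        out.append("    # rule %s denied: %s" % (rid, ", ".join(uris)))
        out.append("    SecRuleRemoveById %s" % rid)
    out += ["  </IfModule>", "</Location>"]
    return "\n".join(out)


if __name__ == "__main__":
    print(exclusion_block(blocked_rule_ids(SAMPLE_LOG)))
```

Because the generated block is matched on the request URL rather than a filesystem path, it does not depend on where the site's files live, and every rule that did not fire on wp-admin stays active there.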

Hi nuffsaid

That is your decision to make.

To be honest though, I don’t think Apache serves from that location, though I could be wrong as it’s a default location in Apache, and your loading at 70% is very high.

We use BFD to stop WP admin attacks and there’s no real loading in excess of our normal loading, circa between 1 and 2, but I’m thinking you mean procs %.

Many thanks

John

[QUOTE=nuffsaid;27415]Eish … I had already installed mod_security and mod_evasive as per the Techmint tutorial.

So, does this mean I have to remove it? Although it seems to be working so far.

I tested it using LOIC and it managed to block it within a minute, causing a server load of 70%.

The rule I found is:

<Directory "/var/www/wp-admin">
<IfModule security2_module>
SecRuleEngine Off
</IfModule>
</Directory>
It seems to work so far …[/QUOTE]

As John says, it’s up to you as it’s your server, but I don’t recommend it to my customers because it was a dead project and wasn’t available for 5.4. They have a new developer coding it now, but to trust something which could die off again isn’t worth it :).