Are the IMH modsecurity rules compliant with apache 2.4.6?

Avatar
  • updated
  • Answered
When I upgraded from apache 2.2.x to apache 2.4.6 through EasyApache, no sites would serve because apache wouldn't run. The following errors were showing up:
ModSecurity: Access denied with code 400. Too many threads [16384] of 100 allowed in READ state from 9.9.9.9 - Possible DoS Consumption Attack [Rejected]

Note: actual changed ip to 9.9.9.9 just for this post. It wasn't a DoS attack though, it seems some of the rules might have been bad because as soon as modsecurity was removed, easyapache update re-run, apache started and served fine and there was no DoS attack underway.

Need to know if there are changes needed to the modsecurity configuration when upgrading apache from 2.2.x to 2.4.x.
Avatar
Arn
  • Answered

Hello,

The Modsecurity rules applied to hosted servers with InMotion Hosting are made to help combat the DoS attacks that have attacked the servers and should be compliant with the Apache versions. If you can identify the specific rule causing the issue, then you may find the exact cause of the problem. Please review this article: Disable Specific Modsecurity Rules . You can then find what's causing the errors. Something may be triggering it that requires some attention. Also, you can report the rule to Technical Support if there is a problem. If you find the rule and it is erroneously causing the error, then please report it via a ticket submitted through the AMP interface so that the Systems team can review the issue. Make sure to provide verification (via the last 4 digits of the credit card on the account, or the AMP password) when you send the email.

I hope this helps to identify and resolve the issue! Please let us know if you have any further questions.

Regards,

Arnel C.