Ok to dissable mod_security?

apps

#1

I am getting 503 errors apparently coming from the modsecurity. Some people have already told me to dissable it, but I keep reading over the articles in the wiki about it and they really do not make me feel very good about dissabling it. Does anybody have an idea of how much modsecurity helps? Or has anyone else already dissabled it on their site?


#2

I personally think that ModSecurity is very important, but I’m biased as I am part of it development team. You may want to read more about the application security problem by browsing the OWASP top 10 http://www.owasp.org/index.php/Top_10_2007). ModSecurity is your best solution, and the only free one, for protection from many of the problems in this list.

We can also try to help you solve your specific problem with ModSecurity on the ModSecurity mailing list: https://lists.sourceforge.net/lists/listinfo/mod-security-users.

~ Ofer Shezaf
ModSecurity Core Rule Set project leader
ofers@breach.com


#3

Thanks a lot for the help. I will look for a solution other than dissabling it then.