Close Nav

Search

This post is more then 3 years old, some information may be out of date

What is Mod Sec?

Sometimes when browsing your website or using your Content Management System (CMS), you find you are suddenly "locked" out, and can no longer access your website or CMS.

First impression is naturally "our site / system is offline!"  However upon investigation you can find that other people (e.g when browsing via a seperate network connection) can access the site fine.

The cause of this might be a security plugin called "Mod Security".

What is Mod Security?

Mod_security (also known as "ModSec") is a module installed on web servers that help to protect websites from various attacks. It does this by analysing requests to a website, and determining if any of these requests may be a potential threat.

Is Mod Security a 100% accurate?

Short answer is no.  A lot of the time, Mod Sec rules block legimate requests.  When this occurs, the particular rule may need to be white listed by your hosting company.

Is it a problem with my platform ?

Mod Security can block legitimate requests, regardless of what platform you are on. You should always consult with your web developer / web hosting company if you have any concerns.

But I've been using our site / system for years, I've never had a problem!

Mod Security rules are constantly upgraded. It may also be a combination of factors, such as multiple users accessing the same sub system, that may trigger a particular rule.

So what do I do?

First step is to determine if it could be a mod security rule that is blocking your access.  
To try this:

  1. Grab your mobile phone
  2. Make sure its not connected to your wifi network
  3. See if you can navigate to your website / system.  If you can - it *might* be a mod sec rule.  If you cannot, it might be that your site is offline.

If you think its a mod sec rule:

Send an email to your hosting company.  This is normally in the form of

Hi, I think I am getting blocked by a mod security rule, when browsing [INSERT YOUR WEBSITE IS ] my IP address is [ YOUR IP ADDRESS]

To find out what your IP address is, Google "what is my ip address".  This should return 4 sets of a numbers seperate by a decimal point e.g 203.10.89.2