This guide concerns the configuration and management of ModSecurity on Infomaniak servers. By understanding its limitations, restrictions, and effectively managing errors, you can optimize the security of your site while maintaining its functionality.

Default configuration

ModSecurity (mod_secure) is available and enabled by default on the Infomaniak servers. This means that all HTTP requests will be subject to the security rules defined by ModSecurity.

It is not possible to disable ModSecurity on Infomaniak servers. The setting is global to the server where your site is hosted, which means that all defined security rules will be applied to your site.

Error management

If the error message ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_HEADERS. (...) appears regarding ModSecurity, you should check that a default language is properly configured in your web browser. This error can sometimes be caused by incorrectly configured language settings in the browser.