This guide explains how ModSecurity works, how to configure it, and how to manage it on Infomaniak servers.

Introduction

• ModSecurity (mod_secure) is available and enabled by default on Infomaniak servers:
  • All HTTP requests will be subject to the security rules defined by ModSecurity.
  • The PHP extension uploadprogress is not available on Infomaniak servers, as PHP is used in its FPM version.
• It is not possible to disable ModSecurity on Infomaniak servers:
  • The setting is global to the server where your site is hosted, which means that all defined security rules will be applied to your site.

In case of a problem

Language error in the browser (code 403)

If the error message ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_HEADERS. (...) appears regarding ModSecurity, you should check that a default language is properly configured in your web browser. This error can sometimes be caused by incorrectly configured language settings in the browser.

Warning "Request body larger than configured limit"

If you see messages regarding the error or warning Request body larger than configured limit, please note that this is only a warning — the request still goes through and is not blocked. This configuration is specific to certain older hosting generations (of the jessie type) and allows all requests to pass through to the server without any impact on your visitors.