ModSecurity

From mediawiki.org

ModSecurity is an open-source module for Apache and other webservers. It is designed to take security measures in web traffic, including request filtering.

This page is a stub about the use of ModSecurity with MediaWiki. For general recommendations and instructions on how to make your MediaWiki site a safer place, see Manual:Security. For issues specific to ModSecurity, see GitHub.

Potential issues[edit]

False positives[edit]

In some cases, file uploads and the use of syntax such as parser functions may trigger false positives.

Other issues can happen if you attempt to save an edit that contains more than X external links. Some hosts use rules to trap spambots that try to insert 3 or more external links on a page.

When an edit triggers a mod_security rule, the behavior is usually a 403 Forbidden error, or a redirect to the main page.

Disable ModSecurity[edit]

It should be possible to disable by putting

SecRuleEngine Off

inside the virtual host or a .htaccess [1]