Just wondering if fellow hosters are willing to share their settings for mod_security. I have a tough setting but finds that some script give back 500 errors. What are your thoughts on mod_security and would you recommend it?
MediaLayer, LLC - www.medialayer.comLearn how we can make your website load faster, translating to better conversion rates for your business!
The pioneers of optimized web hosting, featuring LiteSpeed Web Server & SSD Storage - Celebrating 10 Years in Business
Your best bet, whether your work the rule set yourself from modsecurity.org site or pull in rules from another party, is review the audit logs on a regular basis to find what rules work best for your customers.
You should also be reviewing your logs to see what mod_security is missing which other rule sets may not cover; and add those, test those as needed.
Regardless, do not let all the very specific talk daunt you. mod_security is a great tool and I recommend you employ it.
CybexHost.com - Shared and Reseller Hosting Solutions on cPanel/WHM Linux Servers ModernTweak.com - Discount ModernBill Licenses, Hosted Installations, and Professional Services :: Pay for your discount ModernBill license with PayPal :: admin[at]cybexhost.com :: AIM: CybexH