Hostking
Verified User
Calling all server admins (ModSecurity / Apache / DirectAdmin)
Following the positive feedback on the SpamAssassin thread, I’m starting a similar community-driven ModSecurity ruleset — this time focused on Apache/DirectAdmin environments.
The goal is to build a practical, real-world rule collection that works well in shared hosting setups — without breaking legitimate traffic.
Looking for contributions such as:
Rules with low false positives (critical for shared hosting)
Proven rules for bot abuse, crawlers, and bad user-agents
Protection against common web exploits (LFI, RFI, SQLi, XSS, etc.)
Smart rate-limiting / behavioral rules
Useful whitelisting techniques to reduce noise
Focus areas:
WooCommerce / WordPress abuse (cart spam, fake requests, etc.)
AI crawlers / aggressive bots (e.g. meta-externalagent, etc.)
Lightweight rules that won’t heavily impact performance
Important:
When sharing rules, please specify whether they are for:
Imunify360, or
Standard ModSecurity (Apache / standalone ModSec / OWASP CRS)
This is important because rule handling and file locations differ depending on the setup.
DirectAdmin / Imunify360 notes (important)
For DirectAdmin users, it’s recommended to store custom rules in a separate directory (e.g. /etc/custom_modsecurity.d/) and include them via:
Code:
/etc/httpd/conf/extra/httpd-includes.conf
This ensures your rules are not overwritten during updates or ruleset reinstalls.
Example include:
Code:
<IfModule security2_module>
IncludeOptional /etc/custom_modsecurity.d/*.conf
</IfModule>
Then restart Apache:
Code:
systemctl restart httpd
Helpful reference (bot blocking):
There’s also a useful guide on blocking bad bots with ModSecurity on DirectAdmin:
https://www.vpsbasics.com/security/how-to-block-bad-bots-using-modsecurity-with-directadmin/
Worth checking if you’re dealing with crawler abuse — especially for WooCommerce sites.
Testing & monitoring:
Always test rules before rolling out globally. You can monitor hits via:
Code:
tail -f /var/log/httpd/error_log
Or your ModSecurity audit logs depending on setup.
Code:
tail -f /var/log/httpd/modsec_audit.log
If you have rules that have worked well in production, please share — the goal is to build something practical and usable for everyone running shared or high-traffic environments.
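Added example, not part of the original post: one way to turn the `tail -f` monitoring step above into a per-rule, per-site summary, so a rule running in log-only mode can be checked for false positives before it is enforced. It assumes the ModSecurity 2.x Apache error_log fields `[id "..."]` and `[hostname "..."]`; the sample lines, rule ids, hostnames and the `bots.conf` file name are constructed.

```shell
#!/bin/sh
# Added example: summarise ModSecurity hits per rule id and virtual host.
# Assumes ModSecurity 2.x error_log fields [id "..."] and [hostname "..."].

# Constructed sample lines (not real traffic). Rule ids, hostnames and the
# bots.conf file name are hypothetical; client IPs are documentation ranges.
sample_log() {
cat <<'EOF'
[Mon Jan 06 10:00:01 2025] [:error] [pid 101] [client 203.0.113.5:40001] ModSecurity: Warning. Matched phrase "meta-externalagent" at REQUEST_HEADERS:User-Agent. [file "/etc/custom_modsecurity.d/bots.conf"] [line "2"] [id "1000001"] [msg "AI crawler UA"] [hostname "shop.example.com"] [uri "/cart/"] [unique_id "a1"]
[Mon Jan 06 10:00:02 2025] [:error] [pid 101] [client 203.0.113.5:40002] ModSecurity: Warning. Matched phrase "meta-externalagent" at REQUEST_HEADERS:User-Agent. [file "/etc/custom_modsecurity.d/bots.conf"] [line "2"] [id "1000001"] [msg "AI crawler UA"] [hostname "shop.example.com"] [uri "/shop/"] [unique_id "a2"]
[Mon Jan 06 10:00:05 2025] [:error] [pid 102] [client 198.51.100.7:40003] ModSecurity: Warning. Matched phrase "meta-externalagent" at REQUEST_HEADERS:User-Agent. [file "/etc/custom_modsecurity.d/bots.conf"] [line "2"] [id "1000001"] [msg "AI crawler UA"] [hostname "blog.example.net"] [uri "/"] [unique_id "a3"]
[Mon Jan 06 10:00:07 2025] [:error] [pid 102] [client 192.0.2.44:40004] ModSecurity: Warning. Operator GT matched 20 at IP:cart_hits. [file "/etc/custom_modsecurity.d/bots.conf"] [line "9"] [id "1000002"] [msg "Cart request rate"] [hostname "shop.example.com"] [uri "/"] [unique_id "a4"]
[Mon Jan 06 10:00:09 2025] [authz_core:error] [pid 103] [client 192.0.2.44:40005] AH01630: client denied by server configuration: /home/user/public_html/.env
EOF
}

# modsec_tally: read error_log lines on stdin and print "count rule_id hostname",
# busiest first. Lines that are not ModSecurity messages are ignored.
modsec_tally() {
    awk '
    /ModSecurity:/ {
        id = ""; host = ""
        # [id "N"]: value starts 5 chars in, closing quote+bracket take 2 more
        if (match($0, /\[id "[^"]*"\]/))
            id = substr($0, RSTART + 5, RLENGTH - 7)
        # [hostname "H"]: value starts 11 chars in
        if (match($0, /\[hostname "[^"]*"\]/))
            host = substr($0, RSTART + 11, RLENGTH - 13)
        if (id != "") hits[id " " host]++
    }
    END { for (k in hits) print hits[k], k }
    ' | sort -k1,1nr -k2,2 -k3,3
}

# Live use on the log path from the post:
#   modsec_tally < /var/log/httpd/error_log
sample_log | modsec_tally
```

A rule id that fires on many unrelated hostnames, or on a site with no known abuse, is the one to review before switching it from logging to blocking.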