Modx & ModSecurity

Hope your all having a lovely day!

I have an instance of Modx installed on a server using ModSecurity.
I'm having no end of issues trying to get the site functioning correctly. Every time I run into an issue I then have to go into the logs, find all the information I need and then whitelist.

For other CMS' there is normally a ruleset that can just be pasted into the Apache config.

Does anyone know where I can find a ruleset for Modx?

Any help will be greatly appreciated.

This any good to you

https://docs.modx.com/revolution/2.x/getting-started/installation/basic-installation/installation-on-a-server-running-modsecurity

Quote from: paulp at Jan 10, 2019, 03:51 PM

This any good to you

https://docs.modx.com/revolution/2.x/getting-started/installation/basic-installation/installation-on-a-server-running-modsecurity

Thanks for the quick reply!

Unfortunately, I have read that article in the past. Even though it shows examples, the rule id's just don't seem to mean anything to our server. I don't know if the article is maybe out of date?

Turning off mod_security for the MODX directories, or at least the Manager directory might solve your problems if it's an option for you.

Quote from: BobRay at Jan 10, 2019, 10:19 PM

Turning off mod_security for the MODX directories, or at least the Manager directory might solve your problems if it's an option for you.

I will have to ask the security guy and see if this is an option. Thanks for the help

Quote from: BobRay at Jan 10, 2019, 10:19 PM

Turning off mod_security for the MODX directories, or at least the Manager directory might solve your problems if it's an option for you.

I will have to ask the security guy and see if this is an option. Thanks for the help

I went through a month of modsecurity hell because the hoster applied some new rules. It was terrible, honestly.

I have a lot of text in an MIGX structure, several pages of different text, and it was a slow process of triggering each new rule, waiting for the hoster to remove it, then triggering another one.

Try to follow BobRay's advice, it could help a lot.

Quote from: nuan88 at Jan 11, 2019, 12:16 PM

I went through a month of modsecurity hell because the hoster applied some new rules. It was terrible, honestly.

I have a lot of text in an MIGX structure, several pages of different text, and it was a slow process of triggering each new rule, waiting for the hoster to remove it, then triggering another one.

Try to follow BobRay's advice, it could help a lot.

Thanks for the info.

Yes, I have asked the security guy if this would be an option, so I'm awaiting his response.

I think I may just have to crawl the logs until we fix every error we come across. [ed. note: carlpiper last edited this post 6 years, 2 months ago.]

just trigger and report, tell them to check you log every dang morning when they get into work. otherwise its email, wait, email, wait, it was terrible

tell them you will be triggering every day till it works. btw to do what BobRay said will NOT affect your site security in any appreciable way

Quote from: nuan88 at Jan 11, 2019, 12:30 PM

just trigger and report, tell them to check you log every dang morning when they get into work. otherwise its email, wait, email, wait, it was terrible

tell them you will be triggering every day till it works. btw to do what BobRay said will NOT affect your site security in any appreciable way

Thanks for the advice. [ed. note: carlpiper last edited this post 6 years, 2 months ago.]