Re: [mod-security-users] Where is the best place for the ModSecurity?
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] Where is the best place for the ModSecurity?
|
From: Reindl H. <h.r...@th...> - 2021-02-24 11:13:16
|
Am 24.02.21 um 11:58 schrieb Jason Long via mod-security-users: > Hello, > Where is the best place for the ModSecurity to protect a WordPress > website? Is it true that a WAF like ModSecurity must be installed > between the web server and the Internet and not on the host itself? no it is not and given that you can adjust rules based on <Directory> in your httpd configuration it makes a lot of sense have it on the host itself and "must" don't exist at all - nobody can force you to setup a proxy nor pretend an additional proxy makes things more secure by it's existence the opposite is true: in doubt you are now vulerable for bugs of the proxy as well as the backend server - having more layers and complexity in the mix can make sense but it's not more secure out of the blue |
