I know this is not related to PHPMaker, but anyone has experience configuring or set custom rules for ModSecurity to work with projects generated by PHPMaker?
You may simply refer to the generated .htaccess file in the root of your generated web application. In addition, you may also Google “modsecurity how to”.
1 Like
Hi,
we use modsecurity on our front-end web servers. there are a few rules that need to be disabled otherwise you;'re going to run into problems
.
we’ve run into a few problems, so set the owasp to DetectionOnly
disable these rules in the apache2/conf.d/mod_security2.conf to start with
add them to the bottom of the file…
we use tumbleweed linux, so your linux flavor, paths and files may differ
<IfModule mod_security2.c>
# Default recommended configuration
SecRuleEngine DetectionOnly
SecRequestBodyAccess On
SecStatusEngine On
...
...
SecRuleRemoveById 949110
SecRuleRemoveById 980170
SecRuleRemoveById 932260
SecRuleRemoveById 932250
SecRuleRemoveById 920100
</IfModule>
hopefully this gets you started… the app should run and login with the above entries.
and you will definately want to run this on the server and monitor it will you run your app
tail -f /var/log/apache2/error_log
OR
less /var/log/apache2/error.log (then Shift-F to monitor realtime activity)
this will be your best friend to determine issues, you will see the mod_secuirty events.
example:
[Thu May 15 20:38:36.316211 2025] [security2:error] [pid 177932:tid 177932] [client 192.168.0.4:59478] [client 192.168.0.4] ModSecurity: Rule 55da19617c60 [id “932150”][file “/etc/apache2/mod_security2.d/REQUEST-932-APPLICATION-ATTACK-RCE.conf”][line “463”] - Execution error - PCRE limits exceeded (-8): (null). [hostname “myservername.ca”] [uri “/api/fetchSystemNews”] [unique_id “aCaJDNx1WC_fHrNqvlmMWAAAAAU”], referer: https://myservername.ca/dashboard2
this is the rule: [id “932150”]
1 Like
Thank you @skidmarks 
Much appreciated. I’m using ModSecurity on Windows platform hosting via IIS. Let me try out the rules exception and monitor from there.