What changes can be made to Mod-Security by the end-user?

Web Hosting
Ben Gayson
Published: 3 October 2025Last updated: 10 November 2025
Share:

ModSecurity, often referred to as ModSec, is a free, open-source Web Application Firewall (WAF). ModSec was initially designed as a module for Apache web servers and has since evolved to support other web servers such as Microsoft IIS and Nginx. We implement ModSec to help protect the web applications we host. This article is going to go over what customers can request when it comes down to ModSecurity on their sites. 

Shared Hosting

If you believe something is being blocked by ModSecurity when it shouldn't be, then contact our Support Team, and we can check if this is indeed the case. If data is being blocked when it shouldn't be, then there are times when we can whitelist the request, which should then resolve any issues.

Managed Cloud Servers

Due to Managed Cloud Servers being owned by customers, we can have much more flexibility when it comes to ModSecurity on the Servers themselves. As with Shared Hosting, if something is being blocked when it shouldn't be, we can whitelist the request. 

The customer is also able to make requests when it comes to ModSecurity, should they wish to make changes. These vary from having specific ModSecurity rules disabled to having ModSecurity completely disabled on the server.  This should only be done where it is absolutely necessary; however, it isn't something we would recommend.

Customers are also able to request that certain ModSecurity limits be increased on Cloud Servers if necessary. 

If you have any further questions regarding ModSecurity, please don't hesitate to contact our Support Team, who will be more than happy to help. 


Some examples of Mod-Security Errors 

These are some examples of the errors you may see within the error logs section of your hosting package. 

20itest.co.uk [Fri Sep 26 19:46:02 2025] [error] [client 48.210.227.203:0] [client 48.210.227.203] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^/(wp-admin|wp-content|wp-includes)/.*\\\\.php" at REQUEST_URI. [file "remote server"] [line "-1"] [id "580600"] [msg "Malware.Expert - empty User-Agent accessing WP PHP file in directory"] [tag "MEWAF"] [hostname "20itest.co.uk"] [uri "/wp-content/plugins/hellopress/wp_filemanager.php"] [unique_id "aNbfaiuuqLbT5zOusyiyVAAAAA4"]

2025-09-04T13:25:56.020Z {name=web183.lhr.stackcp.net} ~6390c02281 20itest.co.uk [Thu Sep 04 14:24:05 2025] [error] [client 185.146.164.254:0] [client 185.146.164.254] ModSecurity: Access denied with code 403 (phase 2). Match of "contains /wp-admin/" against "REQUEST_HEADERS:referer" required. [file "remote server"] [line "-1"] [id "580010"] [msg "Malware.Expert - Wordpress - Username Enumeration"] [tag "MEWAF"] [hostname "20itest.co.uk"] [uri "/wp-json/wp/v2/users/351"] [unique_id "aLmS9UwqyVTGPEKowmr3bwAAARM"]