Apache web server with ModSecurity

is there a reason why modesecurity is not installed in the default installation?

I expect the answer to be due to nginx sitting between apache and the internet. Any use of modsecurity would belong at the edge in nginx.

And it needs a lot of specific changes otherwise it has unintended side effects

1 Like

I thought a WAF would certainly not hurt, since Ngnix acts as a proxy I thought of modsecurity for Apache

where crowdsec is an alternative for server security