Mod security sql injection causing website error 503...

Discussion in 'Technical' started by adamjedgar, Jun 27, 2019.

  1. adamjedgar

    adamjedgar Member

    Hi guys,
    I have installed Mod security on a debian server in the last day. The server has 3 WordPress websites on it and a handful of static html sites.

    Today, modsecurity owasp flagged an ssl injection attack on two of the WordPress websites but not the third WordPress site on this server.

    The two sites that were flagged by Mod security are linked..they belong to the same owners engineering business.

    Anyway I am not yet sure whether or not this was a false positive or whether I need to tweak Mod security...both websites went offline for a long period of time.

    So my question is, in the event of an injection attack, how can I set Mod security to redirect to homepage (or even a static clone page of the website homepage on a different directory) instead of the wordpress website being taken out with 503 errors?

    From what I can see, the webserver itself was functioning, as well as mysql and php was just the two WordPress website that went down.

    One of the WordPress sites also had Wordfence WAF, the other only had "Limit Login Attempts" plugin by Best Websoft.

Share This Page