Here are some rules for those who use plausible and modsecurity

[2803media]

As you know there are some isues with plausible and modsecurity which block plausible by default.

Here are some custom rules, feel free to use them or to enhance them:

# Autoriser text/plain pour la route /api/event
SecRule REQUEST_URI "@streq /api/event" \
    "id:1000005,phase:1,t:none,pass,nolog,ctl:requestBodyAccess=On"

# Désactiver les règles spécifiques uniquement pour /api/event
SecRule REQUEST_URI "@streq /api/event" \
    "id:1000006,phase:1,t:none,pass,nolog,ctl:ruleRemoveById=920420,ctl:ruleRemoveById=949110"

# Autoriser toutes les requêtes .com pour l'agent utilisateur Plausible
SecRule REQUEST_HEADERS:User-Agent "@contains Plausible" \
    "id:1000008,phase:1,t:none,pass,nolog,ctl:ruleRemoveById=920440,ctl:ruleRemoveById=949110"

# Autoriser l'accès aux requêtes .com pour l'agent utilisateur Plausible
SecRule REQUEST_URI "@contains .com" \
    "id:1000010,phase:1,t:none,pass,nolog,ctl:ruleRemoveById=920440,ctl:ruleRemoveById=949110"

Thanks for your feedback for those who use modsecurity

[ruslandoga]

👋 @2803media

Is modsecurity somehow related to Apache configuration? I don't use Apache myself so I have very little context here :)

[ruslandoga]

If it is about Apache, would you be able to open a PR with the relevant changes to its configuration (https://github.com/plausible/community-edition/blob/v2.1.1/reverse-proxy/apache2/plausible.conf) and explain these changes in detail?

[2803media]

It's not really a change to the apache conf it's a setup for modsecurity with apache in order to not block Plausible, it's maybe more a doc than an apache conf for virtualhost!

[ruslandoga]

Would you be able to provide the documentation to this section https://github.com/plausible/community-edition/tree/v2.1.1/reverse-proxy#apache2?

[2803media]

Ok I will make a PR

[ruslandoga]

Moved to #153

[2803media]

Sorry I messed up a bit the PR ;)