Hi guys, I have installed Mod security on a debian server in the last day. The server has 3 WordPress websites on it and a handful of static html sites. Today, modsecurity owasp flagged an ssl injection attack on two of the WordPress websites but not the third WordPress site on this server. The two sites that were flagged by Mod security are linked..they belong to the same owners engineering business. Anyway I am not yet sure whether or not this was a false positive or whether I need to tweak Mod security...both websites went offline for a long period of time. So my question is, in the event of an injection attack, how can I set Mod security to redirect to homepage (or even a static clone page of the website homepage on a different directory) instead of the wordpress website being taken out with 503 errors? From what I can see, the webserver itself was functioning, as well as mysql and php fpm...it was just the two WordPress website that went down. One of the WordPress sites also had Wordfence WAF, the other only had "Limit Login Attempts" plugin by Best Websoft.
