AWAFAWAF

MODX

Prefer .htaccess auto_prepend_file for MODX where php_value is supported. If it is unavailable, config.core.php remains a good MODX-specific early fallback.

Preferred method

On Apache with mod_php and allowed php_value, place the directive in the MODX site root .htaccess and use the absolute AWAF path.

php_value auto_prepend_file "<path_to_directory>/antibot/index.php"

MODX fallback

If php_value is unavailable and .user.ini, vhost/pool config, or hosting panel settings cannot be used, add AWAF to config.core.php. That point usually runs earlier than the front index.php and is more suitable for MODX than index.php-only integration.

require_once $_SERVER['DOCUMENT_ROOT'].'/antibot/index.php';

Verify

  • Back up .htaccess or config.core.php before editing.
  • Test public pages, MODX manager, AJAX/connectors, and forms.
  • Confirm logs/, cache/, and lists/ are writable by the web server.
  • Add precise exceptions for service URLs when captcha is not appropriate.

Why not index.php only

Some MODX flows may not pass through the normal front index.php. auto_prepend_file covers every PHP file in scope; config.core.php is also usually broader than a front-index-only include.