MODX
Prefer .htaccess auto_prepend_file for MODX where php_value is supported. If it is unavailable, config.core.php remains a good MODX-specific early fallback.
Preferred method
On Apache with mod_php and allowed php_value, place the directive in the MODX site root .htaccess and use the absolute AWAF path.
php_value auto_prepend_file "<path_to_directory>/antibot/index.php"MODX fallback
If php_value is unavailable and .user.ini, vhost/pool config, or hosting panel settings cannot be used, add AWAF to config.core.php. That point usually runs earlier than the front index.php and is more suitable for MODX than index.php-only integration.
require_once $_SERVER['DOCUMENT_ROOT'].'/antibot/index.php';Verify
- Back up .htaccess or config.core.php before editing.
- Test public pages, MODX manager, AJAX/connectors, and forms.
- Confirm logs/, cache/, and lists/ are writable by the web server.
- Add precise exceptions for service URLs when captcha is not appropriate.
Why not index.php only
Some MODX flows may not pass through the normal front index.php. auto_prepend_file covers every PHP file in scope; config.core.php is also usually broader than a front-index-only include.