Keycloak and modsecurity(is keycloak really secured)

[Thavarajan M]

Hi team, 

    Thank you for the excellent application. Our plan is to use Keycloak as our primary login app, but before we move forward with deployment, we need to address one concern. The issue arose when we enabled mod-security on the Apache server. This resulted in several Keycloak screens and operations becoming blocked, including the ability to update the theme.

    This has caused some concern for us and we would like to understand if these rules were triggered by false alarms or if it is acceptable to disable them. If disabling the rules is a viable solution, a detailed explanation for doing so would be greatly appreciated. We understand the importance of maintaining the security of our systems, but we also need to ensure that Keycloak can perform all of its intended functions

Regards

Thavarajan.M