diff --git a/docker-compose.yml b/docker-compose.yml
index 74bc3d3..5856534 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -9,6 +9,8 @@ services:
 volumes:
 - ./html-es.hackmeeting.org:/var/www/html
 - ./etc/hm/LocalSettings.php:/var/www/html/LocalSettings.php
+ - ./etc/modsecurity/hm.conf:/etc/modsecurity/hm.conf
+ - ./data/hm/logs/apache2:/var/log/apache2
 mariadb:
 restart: always
 image: mariadb
diff --git a/etc/modsecurity/hm.conf b/etc/modsecurity/hm.conf
new file mode 100644
index 0000000..b4492c8
--- /dev/null
+++ b/etc/modsecurity/hm.conf
@@ -0,0 +1,7 @@
+# Drop XSS checks on es.hackmeeting.org mediawiki
+SecRule REQUEST_URI "@beginsWith /hm/index.php" \
+ "id:1004,\
+ phase:1,\
+ pass,\
+ nolog,\
+ ctl:ruleEngine=off"
diff --git a/images/hm/Dockerfile b/images/hm/Dockerfile
index afc6153..0ed84a1 100644
--- a/images/hm/Dockerfile
+++ b/images/hm/Dockerfile
@@ -1,7 +1,7 @@
 FROM php:7.0-apache
 RUN apt-get update
-RUN apt-get install -y unzip libicu-dev
+RUN apt-get install -y unzip libicu-dev libapache2-mod-security2 modsecurity-crs
 # RUN apt-get install -y libzip4 libzip-dev
 # RUN docker-php-ext-install zip
@@ -13,4 +13,6 @@ RUN docker-php-ext-install intl
 RUN a2enmod headers
 RUN a2enmod rewrite
+RUN sed 's/SecRuleEngine DetectionOnly/SecRuleEngine On/' /etc/modsecurity/modsecurity.conf-recommended > /etc/modsecurity/modsecurity.conf
+
 WORKDIR /var/www/html
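Review bot: The two bind mounts added under `volumes:` are read-write, so a process inside the web container can rewrite `hm.conf` on the host and change its own WAF policy at the next reload. Mounting the rule file read-only closes that: `- ./etc/modsecurity/hm.conf:/etc/modsecurity/hm.conf:ro`. The log mount has to stay writable, but `./data/hm/logs/apache2` will then hold request data (and ModSecurity audit entries, if the audit log is written under `/var/log/apache2`), so keep that directory out of version control and restrict its permissions on the host.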
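Review bot: `ctl:ruleEngine=off` in rule 1004 switches off every ModSecurity rule for the request, not only the XSS checks the comment names, and `nolog` leaves no record that the bypass was taken. Because the match is `@beginsWith /hm/index.php`, and MediaWiki typically serves edits, logins and uploads through that script, the wiki ends up with almost no WAF coverage. If only XSS false positives need to go, scope the exclusion to that rule family, e.g. `ctl:ruleRemoveByTag=attack-xss` (the tag name depends on the installed CRS version, so check it against the packaged rules), or to the specific rule ids seen in the audit log. Otherwise, correct the comment to say that the whole engine is disabled for this path.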
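Review bot: The changed `RUN apt-get install` line still relies on the package index from the separate `RUN apt-get update` layer above it, so a rebuild can reuse a cached, stale index and either fail or install outdated builds of `libapache2-mod-security2` and `modsecurity-crs`. Since these are the packages that provide the WAF, combine the steps and clean up in the same layer: `RUN apt-get update && apt-get install -y unzip libicu-dev libapache2-mod-security2 modsecurity-crs && rm -rf /var/lib/apt/lists/*`. A short comment above the line, e.g. `# WAF: ModSecurity v2 module plus OWASP Core Rule Set`, would record why they are installed.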
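Review bot: The added `RUN sed …` step succeeds even when the pattern matches nothing, so if the packaged `modsecurity.conf-recommended` ever changes its default line, the image builds with the engine still in `DetectionOnly` and nothing flags it. Make the build fail in that case by appending a check to the same RUN: `&& grep -q '^SecRuleEngine On' /etc/modsecurity/modsecurity.conf`. A one-line comment such as `# Switch ModSecurity from detection-only to blocking mode` above the step would record the intent.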