What is ModSecurity?
ModSecurity is a web application firewall module designed for use with Apache web servers. It provides an increased level of server security by protecting the server from vulnerabilities present in web application code. This increased security is achieved by detecting and preventing possible attack fronts before they reach the actual application. It is now estimated that over 70% of all attacks on web servers are carried out at web application level, hence the need for more secure web hosting environment.
FASTDOT deploys ModSecurity on all of our shared Linux hosting solutions to ensure we are able to provide the most secure shared hosting environment possible for our clients. Whilst it is not a guaranteed solution to protect against all web vulnerabilities, it reduces the attack surface of our hosting environments and therefore reduces the chances of a security breach.
From time to time, having ModSecurity installed will mean clients may experience ip blocks if code on a client website is deemed insecure. These blocks can also occur when using applications that are attempting to communicate with the server in an insecure manner, which can be caused by trojans/viruses on your pc or other software programs or their plugins.
What attacks do the Core Rules protect against?
In order to provide generic web applications protection, the Core Rules use the following techniques:
- HTTP protection – detecting violations of the HTTP protocol and a locally defined usage policy.
- Common Web Attacks Protection – detecting common web application security attack.
- Automation detection – Detecting bots, crawlers, scanners and other surface malicious activity.
- Trojan Protection – Detecting access to trojan horses.
- Errors Hiding – Disguising error messages sent by the server
Troubleshooting ModSecurity Alerts
Though there are many things that can trigger ModSecurity when working on or accessing your site, the first things you should check are the following:
- When a server block occurs, a log file is created which highlights which files were being accessed at the time the block occurred. This needs to be thoroughly checked to ascertain what the problem is. There are many forums that discuss ModSecurity and these are the best place to go to for help working out what the problem might be.
- Are you using a good, dedicated FTP program such as FileZilla? Web browser based FTP clients have been known to cause issues with ModSecurity and are not programs we recommend using.
- Have you performed a thorough virus scan to ensure you have no vulnerabilities on your pc? You may want to also check all pc’s on your network just in case there is nothing lurking in the background.
- Do you have any plugins installed into your web browser that may be trying to scan the server or web pages you are visiting? Browser plugins can be very useful but have often been the cause of ModSecurity issues. An example of this is the Firebug plugin for Firefox which we have found to be the culprit of a number of ModSecurity alerts.
FASTDOT’s Enterprise Cloud Server are excellent choices for:
- IaaS Cloud Stack for reselling virtualised environments
- Mission critical financial institutions running MetaTrader / Forex Trading Solutions
- Implementing mission-critical SAP, Exchange, Sharepoint, Zimbra or MS SQL Database Server
- Security with high-grade ISO 27001 qualifications.
- Businesses looking to upgrade to a dedicated server, but not looking to spend thousands of dollars on hardware and datacenter hosting costs.
- Setting up your own external Exchange or MSSQL database server powered by the resources of a Tier 3 data centre.
- Small or large dynamic websites needing to move away from restrictive shared hosting environments.
- Web hosting resellers looking to take their business to the next level.
- A cost-effective method for delivering dynamically scalable “Infrastructure as a Service” (IaaS Hosting) and “Software as a Service Hosting” (SaaS Hosting) solutions which can scale up or down with your evolving business needs.
- Customers who require Mission-Critical hosting environments with dynamic scalability where 24/7 uptime is absolutely critical to your business needs
Get Started with VMware Cloud Hosting
Your new VMware Virtual Servers will be commissioned shortly.