With the growing use of internet, deployment of web applications has also increased. These applications are used to perform functions like collecting personal and confidential information like credit and bank account information, internet chatting, sending emails etc.
But these web applications, being easily accessible, are a gateway to the web and database vulnerabilities which are on the rise now days.
How your web page acquires vulnerabilities?
- Improper/poor coding of website or web applications
- Complex set up of applications
- Downloading of open source applications – WordPress, Joomla etc.wikis, bulletin boards, and portals without much upgrade or patching.
What are the common security vulnerabilities that attack web applications?
As per research, maximum number of web attacks are carried at the web application level. Some of the common vulnerabilities are
- SQL injection and Blind SQL injection.
- Cross Site Scripting (XSS).
- OS Command Injection and remote command access.
- File name injection.
- ColdFusion, PHP and ASP injection.
- E-Mail Injection
- HTTP Response Splitting.
- Universal PDF XSS.
- Trojans & Backdoors Detection
Thus, one needs a strong security solution like MOD SECURITY which detects and blocks these web vulnerabilities on one hand and strengthens the security of the server on the other hand.
What is Mod Security?
Mod Security is an open source, embedded web application firewall which protects your website and its applications against various attacks by blocking malicious scripts, programs and injections with the help of regular expressions and set of rules.
It is a module for Apache web servers and checks all HTTP requests that reach Apache and Nginx- supplementary web server of Apache.
What Mod Security can do to protect your website?
The Mod Security engine scans all the requests which come to the web server and relative responses which are send from the server as per its set of rules. If the check succeeds, the HTTP request is passed to the website content but if it fails, then it blocks the request and performs following actions
- Security monitoring and access control
- Virtual patching
- Full HTTP traffic logging
- Security assessment
- Web application hardening
- Passive security assessment
- Simple request or Regular expression based Filtering
- URL Encoding Validation
- Auditing
- IP Reputation
- Null byte attack prevention
- Server identity masking
- Uploads memory limits
At ZNetLive, you get Mod Security enabled on shared hosting plans, reseller hosting plans by default and free of charge. For VPS/ Dedicated plans this is enabled on the request of client but is free of cost. 🙂
How to recognize if Mod Security is installed on the web server?
Recognizing Mod Security is quite easy. For e.g. any website which shows messages like 406 error-Not Acceptable, 403 Forbidden error ,404 Not found error and other false positive symptoms instead of displaying the web page shows that server on which it is hosted has Mod Security installed on it.
Managed Alibaba Cloud
Cheaper, Faster & Secure Cloud Hosting
These messages occur due to the violation of the Core Rules Set (CRS) by the mod security.
You can also check whether your web hosting company is providing it or not by directly logging into your control panel and checking it.
What to do when your IP is blocked/blacklisted?
Regular triggering of Mod Security rules results into blocking of respective IP address in server firewall from which request has been sent regularly.
Blocking of your IP address means nothing is accessible to you on the web server. So in that case you need to contact us at [email protected].
Note- Mod Security Rules and IP address can be White listed by the support team of the web host only. (Whitelisting your IP will allow any requests from that particular IP which would normally be blocked by Mod Security to be allowed instead.
How to disable Mod Security from Apache module?
If at any point of time you feel that rules of this security tool are interfering with the operations of the website and do not find modification of rules comfortable ,then the best solution for you is to disable Mod Security filtering and rules.
Here’s how you can disable Mod Security for your account/website:
Step 1. Log into your hosting CPanel account
Step 2. Find Mod Security in the search bar
Step 3. Click on Mod Security icon
Step 4. See the dashboard for Mod Security-Domain Manager
Step 5. Final step to disable Mod Security
- Click on Disable option for disabling all domains
Use this option when you want Mod Security to be ineffective for your account in whole (website).
- Click on Off option for disabling Mod Security on specific domain
If you want to disable Mod Security on any particular domain of your website then use this option as it will remove effect of rules on a specific domain rather than effecting whole website. In other words, Mod Security rules will remain enabled for all other domains in your account
Important Note– Once you have disabled the Mod Security on your account, one essential point you need to consider is that your website will now be at risk from vulnerabilities.
Services ZNetLive offers:
If you have any doubt regarding this write up, feel free to drop comments in the section below.
Reference blogs
• Improving Hosting Experience at ZNetLive (2) – Server & Website Security
• Launching SiteLock – Website Malware Scanning & Detection Tool
AI-powered Backup Solution
Unmatched Backup Features from Future