
What is ModSecurity and why you need it?


With the growing use of the internet, the deployment of web applications has also increased. These applications perform functions such as collecting personal and confidential information like credit and bank account information, internet chatting, sending emails, etc.

But these web applications, being easily accessible, are a gateway to web and database vulnerabilities, which are on the rise nowadays.

How does your web page acquire vulnerabilities?

  •   Improper/poor coding of the website or web applications
  •   Complex setup of applications
  •   Downloading open source applications (WordPress, Joomla, etc.), wikis, bulletin boards, and portals without much upgrading or patching.

What are the common security vulnerabilities that attack web applications?

According to research, most web attacks are carried out at the web application level. Some of the common vulnerabilities are:

  • SQL injection and Blind SQL injection.
  • Cross Site Scripting (XSS).
  • OS Command Injection and remote command access.
  • File name injection.
  • ColdFusion, PHP and ASP injection.
  • E-Mail Injection
  • HTTP Response Splitting.
  • Universal PDF XSS.
  • Trojans & Backdoors Detection

Thus, one needs a strong security solution like Mod Security, which detects and blocks these web vulnerabilities on the one hand and strengthens the security of the server on the other.

What is Mod Security?

Mod Security is an open source, embedded web application firewall that protects your website and its applications against various attacks by blocking malicious scripts, programs and injections with the help of regular expressions and a set of rules.

It is a module for the Apache web server and checks all HTTP requests that reach Apache, as well as Nginx when it is used as a supplementary web server to Apache.

What can Mod Security do to protect your website?

The Mod Security engine scans all requests that come to the web server, and the related responses sent from the server, against its set of rules. If the check succeeds, the HTTP request is passed on to the website content; if it fails, Mod Security blocks the request and performs the following actions:

  • Security monitoring and access control
  • Virtual patching
  •  Full HTTP traffic logging
  • Security assessment
  • Web application hardening
  • Passive security assessment
  • Simple request or Regular expression based Filtering
  • URL Encoding Validation
  • Auditing
  • IP Reputation
  •  Null byte attack prevention
  • Server identity masking
  • Uploads memory limits
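
A simplified model of the request check described above, covering URL encoding validation, null byte detection and regular expression filtering from the list. This is an added Python example, not Mod Security's own code; the rule ids, patterns and host names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# A '%' that is not followed by two hex digits is invalid URL encoding.
BAD_PERCENT = re.compile(r"%(?![0-9A-Fa-f]{2})")

# Hypothetical rules (ids and patterns invented for this sketch): id, label, regex.
RULES = [
    (1001, "null byte", re.compile(r"\x00")),
    (1002, "script tag", re.compile(r"<\s*script\b", re.I)),
    (1003, "UNION SELECT", re.compile(r"\bunion\b.{0,40}\bselect\b", re.I | re.S)),
]

def inspect(url):
    """Return (status, rule_id); (200, None) means the request passed every rule."""
    query = urlsplit(url).query
    # Validate the encoding on the raw query string, before anything is decoded.
    if BAD_PERCENT.search(query):
        return 400, 1000
    # Rules run on decoded names and values, so %3C and < are treated alike.
    for name, value in parse_qsl(query, keep_blank_values=True):
        for rule_id, _label, pattern in RULES:
            if pattern.search(name) or pattern.search(value):
                return 403, rule_id
    return 200, None

if __name__ == "__main__":
    # Constructed sample requests; the last two are harmless but still blocked.
    for u in ("http://shop.example.test/search?q=red+shoes",
              "http://shop.example.test/view?name=abc%00def",
              "http://shop.example.test/search?q=50%off",
              "http://shop.example.test/search?q=student+union+select+committee"):
        print(inspect(u), u)
```

The last two sample requests are ordinary searches that the rules still reject, which is the false positive behaviour discussed later in this article.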

At ZNetLive, you get Mod Security enabled by default and free of charge on shared hosting plans and reseller hosting plans. For VPS/Dedicated plans it is enabled at the client's request, and is also free of cost. 🙂

How to recognize if Mod Security is installed on the web server?

Recognizing Mod Security is quite easy. For example, any website that shows messages like 406 Not Acceptable, 403 Forbidden, 404 Not Found and other false positive symptoms instead of displaying the web page indicates that the server on which it is hosted has Mod Security installed.


These messages occur when a request violates the Core Rule Set (CRS) applied by Mod Security.

You can also check whether your web hosting company is providing it or not by directly logging into your control panel and checking it.

What to do when your IP is blocked/blacklisted?

Regularly triggering Mod Security rules results in the server firewall blocking the IP address from which the requests have been sent.

Once your IP address is blocked, nothing on the web server is accessible to you. In that case you need to contact us at [email protected].
Note: Mod Security rules and IP addresses can be whitelisted only by the support team of the web host. (Whitelisting your IP allows requests from that particular IP which would normally be blocked by Mod Security.)
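
Where you can read the Apache error log (for example on a VPS or dedicated server), the rule id and URI behind each block can be pulled out and passed to the support team. This is an added Python example, not ZNetLive's or Mod Security's code; the log lines are constructed, it handles IPv4 clients only, and the threshold of 3 is an assumption.

```python
import re
from collections import Counter

# Fields Mod Security 2.x writes to the Apache error log: client, action, id, uri.
ENTRY = re.compile(
    r'\[client (?P<ip>\d+\.\d+\.\d+\.\d+)(?::\d+)?\] ModSecurity: '
    r'(?P<action>Access denied|Warning)\b.*?\[id "(?P<id>\d+)"\]'
    r'.*?\[uri "(?P<uri>[^"]*)"\]'
)

# Constructed sample lines (addresses, paths and unique ids are made up).
SAMPLE_LOG = """\
[Tue Mar 05 10:15:01.100000 2024] [:error] [pid 2101] [client 203.0.113.7:50112] [client 203.0.113.7] ModSecurity: Access denied with code 403 (phase 2). detected SQLi using libinjection. [file "/constructed/rules.conf"] [line "45"] [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [hostname "shop.example.test"] [uri "/search.php"] [unique_id "c1"]
[Tue Mar 05 10:15:09.200000 2024] [:error] [pid 2101] [client 203.0.113.7:50118] [client 203.0.113.7] ModSecurity: Access denied with code 403 (phase 2). detected SQLi using libinjection. [file "/constructed/rules.conf"] [line "45"] [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [hostname "shop.example.test"] [uri "/search.php"] [unique_id "c2"]
[Tue Mar 05 10:15:20.300000 2024] [:error] [pid 2104] [client 203.0.113.7:50131] [client 203.0.113.7] ModSecurity: Access denied with code 403 (phase 2). detected SQLi using libinjection. [file "/constructed/rules.conf"] [line "45"] [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [hostname "shop.example.test"] [uri "/search.php"] [unique_id "c3"]
[Tue Mar 05 10:16:02.400000 2024] [:error] [pid 2107] [client 198.51.100.9:41200] [client 198.51.100.9] ModSecurity: Access denied with code 403 (phase 2). detected XSS using libinjection. [file "/constructed/rules.conf"] [line "60"] [id "941100"] [msg "XSS Attack Detected via libinjection"] [hostname "shop.example.test"] [uri "/comment.php"] [unique_id "c4"]
[Tue Mar 05 10:17:45.500000 2024] [:error] [pid 2107] [client 192.0.2.44:38011] [client 192.0.2.44] ModSecurity: Warning. Pattern match. [file "/constructed/rules.conf"] [line "72"] [id "920350"] [msg "Host header is a numeric IP address"] [hostname "192.0.2.10"] [uri "/"] [unique_id "c5"]
"""

def denials_by_client(log_text):
    """Map client IP -> Counter of (rule id, uri) for requests that were blocked."""
    result = {}
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        # "Warning" entries were logged but not blocked, so they are skipped.
        if m and m["action"] == "Access denied":
            result.setdefault(m["ip"], Counter())[(m["id"], m["uri"])] += 1
    return result

def repeat_offenders(log_text, threshold=3):
    """Clients whose blocked requests reach the (assumed) firewall threshold."""
    totals = denials_by_client(log_text)
    return sorted(ip for ip, hits in totals.items() if sum(hits.values()) >= threshold)

if __name__ == "__main__":
    for ip, hits in denials_by_client(SAMPLE_LOG).items():
        print(ip, dict(hits))
    print("block candidates:", repeat_offenders(SAMPLE_LOG))
```

A client that keeps hitting the same rule id on the same URI while using the site normally is the pattern to report as a suspected false positive.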

How to disable Mod Security from Apache module?

If at any point you feel that the rules of this security tool are interfering with the operation of your website, and you are not comfortable modifying the rules, then the best solution for you is to disable Mod Security filtering and rules.

Here’s how you can disable Mod Security for your account/website:

Step 1. Log into your hosting cPanel account
Step 2. Find Mod Security in the search bar
Step 3. Click on Mod Security icon
Step 4. See the dashboard for Mod Security-Domain Manager
Step 5. Final step to disable Mod Security
  •  Click on the Disable option to disable Mod Security for all domains

Use this option when you want Mod Security to be ineffective for your account as a whole (website).

  • Click on the Off option to disable Mod Security on a specific domain

If you want to disable Mod Security on a particular domain of your website, use this option, as it removes the effect of the rules on that specific domain rather than affecting the whole website. In other words, Mod Security rules will remain enabled for all other domains in your account.


Important note: Once you have disabled Mod Security on your account, one essential point to consider is that your website will now be at risk from vulnerabilities.


About author
Lipika is a fun-loving person who enjoys writing. She loves learning about all things technical and loves guiding others about it. In her free time, she likes dancing and listening to music. You can catch her at Google+.