Hosting Solutions

Website Protection

Tools

Hosting

Our hosting solutions are engineered for powerful and reliable performance online. From shared and dedicated hosting to SSL certificates and web security and backup, you can rely on our solutions to provide 99.5% uptime and availability whenever, wherever!

Technical Support

Our IT specialists provide your business with solutions to help with common software and hardware issues across all devices whether on desktop, laptop, or on mobile.

Digital Marketing

Expand your reach online, and efficiently hit business objectives by implementing strategic digital marketing campaigns.

Web

In this digital age, a well-designed website is a game changer. But "well-designed" doesn't just mean aesthetics, but overall user experience. We create highly-functional websites that can support your business objectives -- whether that means driving awareness, lead generation, or even sales.

How Can We Help?
< All Topics
Print

cPanel ModSecurity

Posted
Updated
ByiManila Support

Overview
ModSecurity is an open-source web-based firewall application (WAF) supported by different web servers like Apache, Nginx and IIS.

Usage
The module is configured to protect web applications from various attacks. ModSecurity supports flexible rule engine to perform both simple and complex operations. It comes with OWASP (Open Web Application Security Project) ModSecurity™ CRS (Core Rule Set). The OWASP ModSecurity™ CRS is a set of rules that Apache’s ModSecurity™ module can use to help protect your server. While these rules do not make your server impervious to attacks, they greatly increase the amount of protection for your web applications.

It comes with a Core Rule Set (CRS) which has various rules for:

  • cross website scripting
  • bad user agents
  • SQL injection
  • trojans
  • session hijacking
  • other exploits

Why should I use the OWASP ModSecurity rule set?

  • Protection from insecure web application design — ModSecurity rule sets can provide a layer of protection for web applications such as WordPress, phpBB, or other types of web applications. It can potentially protect against vulnerabilities in out-of-date web applications that protect against vulnerabilities in unpatched, out-of-date applications. If the developer of an application makes a security mistake, ModSecurity may block a security attack before it can access the vulnerable application.
  • Protection against operating system level attack — ModSecurity rule sets can protect against attacks that exploit the operating system of your server. For example, in 2014, there was a security flaw in the Bash shell program that Linux servers use. Security experts created ModSecurity rules to disallow the use of the exploit thought Apache. Server administrators used these ModSecurity rules and added additional security to their system until the release of a security patch for Bash shell.
  • Protect against generalized malicious traffic — Some of the security threats that server administrators face may not directly attack a program or application on your server. DoS (Denial of Service) attacks, for example, are common attacks. You can reduce the impact of such malicious traffic through the use of ModSecurity rules.

What are the risks?
As with any mechanism that blocks web traffic, OWASP rules could block legitimate traffic (false positives). While both OWASP and cPanel, L.L.C. aim to curate the OWASP rule set to reduce the potential for false positives, the rule set may block legitimate traffic.

Tags:
Table of Contents

Let's work together!

Make the first move! Let iManila help you maximize your presence online.

Just fill out your contact details and tell us what you need, then we’ll be sure to get back to you as soon as possible.



 

About

Connect with us

Services

Get in touch

Quicklinks

Terms and Conditions | Privacy Policy
Copyright © 2023 iManila