- Nov 18, 2020
- by Brad Litwin
Our team has been hard at work to deliver enhanced account protection using ModSecurity. In the coming weeks, FREE ModSecurity protection will automatically be rolled out on our Shared Hosting and Reseller Hosting accounts. There’s no need for action on your part! Learn all about ModSecurity and its benefits below!
What is ModSecurity?
The vast majority of website attacks occur because vulnerabilities found in certain web applications (i.e. CMS software, blogs, eCommerce carts, forums etc.) are exploited. ModSecurity is a web-based firewall application (WAF) security solution that adds an additional layer of protection to protect against this sort of attack. ModSecurity detects and blocks these types of attacks before they can reach your web application.
What Do I Need To Know About False Positives?
ModSecurity works in the background checking every page request your site receives against a number of security rules. Requests that are deemed malicious are blocked in an attempt to keep your site safe. ModSecurity, like any other WAF, can produce false positives. This means ModSecurity may occasionally incorrectly block a legitimate request. This can occur if the application is poorly coded and appears to be malicious.
If a false positive occurs, you may receive a 403 Forbidden, 404 Not Found or 406 Not Acceptable Error. This can easily be corrected by contacting our Support team. We will be happy to help you solve this issue!
What Are The Advantages Of ModSecurity?
The bottom line is that ModSecurity will be a free service, automatically configured on our Shared and Reseller accounts. The intent is to keep your websites even safer! ModSecurity provides us with improved protection against a number of different attacks including:
- SQL Injections
- Cross Website Scripting
- Session Hijacks
- Bad User Agents
- Additional Exploits