Why ModSecurity is a Must to Protect Your Website
Web security is a priority for all of us. Hackers and bad actors always seem to be a step ahead of the game, and it’s essential to find and use the right tools to keep your site secure.
At Localnode, we recommend ModSecurity to our first class hosting clients. If you’re not familiar with it, we’ll explain what it is and why we think you should be using it in tandem with our superior network – and tell you about the robust ModSecurity rules we’ve created.
What is ModSecurity?
ModSecurity is an open-source, web-based application firewall, or WAF for short. You might have a firewall in-house on your network server, but that may not be enough. A report from Acunetix found that 46% of all websites have high-security vulnerabilities and 87% have medium vulnerabilities.
ModSecurity uses a flexible rule engine to protect a website. The Core Rule Set, or CRS, includes rules for all the following:
- Cross website scripting (XSS)
- SQL injection
- Session hijacking
- Bad user agents
- Other exploits and security risks
If you use WordPress or another dynamic content management system, or eCommerce applications such as Shopify or Magento, your site may be vulnerable. Using ModSecurity can help protect you, particularly when it’s used in conjunction with superior hardware and superior software.
While ModSecurity began as an Apache model, it can now interface with Microsoft’s IIS server, NGINX, and other commonly used web servers.
How Does ModSecurity Protect Websites?
ModSecurity functions as a real-time monitor of your site’s traffic and network requests – it tracks all requests and compares them to the patterns associated with common web attacks and attempted intrusions.
As we mentioned before, ModSecurity uses a set of rules to help it decide which network requests to accept and which to refuse. You have two options to determine the ruleset you use for your site. The first is to use a free ruleset; the second is to rely on your server administrator to provide a set of rules.
At Localnode, we update our ModSecurity rules regularly to ensure the best possible protection for our first class hosting clients. The rules you use should protect against common attacks such as PHP-code injection, bot attacks, and SQL injection.
Are There Risks Associated with ModSecurity?
We strongly urge our first class hosting clients to use ModSecurity, but there are a few potential drawbacks and risks you should be aware of:
- You’ll still need to update your CMS because the rules can’t account for specific vulnerabilities in your CMS.
- There’s a possibility of some false positives, meaning that some web traffic may be blocked by accident. That means that you’ll need to review your blocked network requests and add exceptions to your rules as required.
- Every application is different. For that reason, it’s possible that ModSecurity may not protect everything perfectly because new applications are created and deployed every day.
At Localnode, we feel that the protection provided by a robust set of ModSecurity rules is worth the few risks associated with using ModSecurity. When combined with first class hosting, ModSecurity can provide you with the strongest possible protection against hackers and other bad actors.
There’s are significant risks associated with running web applications on your website. ModSecurity is one of the best ways to protect yourself against common attacks and keep your site safe.
To learn more about Localnode’s first class hosting, please click here now.