Twitter     Facebook
Hosting Discussion
 

forgot password?



FORUM SUPPORTERS:

Reply


Old
  Post #1 (permalink)   05-08-2020, 03:33 PM
HD Newbie
 
Join Date: Jul 2017
Location: Malmo, Sweden
Posts: 26
Send a message via Skype™ to linuxse

Status: linuxse is offline
Hi what are the best ModSecurity™ Vendors & rule sets for WHM Servers?
__________________
Malmö Cloud is an exceptional web hosting company with many years of experience in I.T.

Malmö Cloud is Sweden's best WEB HOSTING 2020
 
 
 


Old
  Post #2 (permalink)   05-10-2020, 08:44 PM
HD Newbie
 
Join Date: Jul 2017
Location: Malmo, Sweden
Posts: 26
Send a message via Skype™ to linuxse

Status: linuxse is offline
I was told that most web hosting companies do not use any ModSecurity Sets on there servers is this correct?
__________________
Malmö Cloud is an exceptional web hosting company with many years of experience in I.T.

Malmö Cloud is Sweden's best WEB HOSTING 2020
 
 
 


Old
  Post #3 (permalink)   05-11-2020, 03:29 PM
HD Community Advisor
 
bigredseo's Avatar
 
Join Date: Aug 2015
Location: Omaha, Nebraska
Posts: 449

Status: bigredseo is offline
Who told you that, or where did you read it?

I know plenty of hosts that are using ModSecurity rules on servers. I know some don't but I don't think I"d say "most do not use it".
__________________
Conor Treacy
Big Red SEO - SEO, Web Design, PPC Management & Training
ConorTreacy.com <- That's Me! ;)
 
 
 


Old
  Post #4 (permalink)   05-12-2020, 10:27 AM
HD Newbie
 
Join Date: Jul 2017
Location: Malmo, Sweden
Posts: 26
Send a message via Skype™ to linuxse

Status: linuxse is offline
Quote:
Originally Posted by bigredseo View Post
Who told you that, or where did you read it?

I know plenty of hosts that are using ModSecurity rules on servers. I know some don't but I don't think I"d say "most do not use it".
I saw this article https://devcentral.f5.com/s/articles...-security-3703
__________________
Malmö Cloud is an exceptional web hosting company with many years of experience in I.T.

Malmö Cloud is Sweden's best WEB HOSTING 2020
 
 
 


Old
  Post #5 (permalink)   05-12-2020, 03:02 PM
HD Community Advisor
 
bigredseo's Avatar
 
Join Date: Aug 2015
Location: Omaha, Nebraska
Posts: 449

Status: bigredseo is offline
Did you check the date on that article? 2008.

There's a lot of things that mod_security can do to help protect a website, but it does use resources (just like any software running on a machine).

If you're using an enterprise grade firewall on a separate machine prior to the user ending up on your phsycal device, then often the work is handled by those machines and you can safely disable mod_security on your individual server (or on a domain by domain basis).

Disabling as a general rule is not normal from what I remember. There are places like Kinsta and WPEngine that disable it by default, but they've offloaded the protection to a separate firewall.

I guess it will depend on how your security is setup, and what you're using as a firewall before hitting your physical machine. The VPS machines that I currently utilize still have mod_security on them, with explicit instructions based on what the machines are designed to do.

We've not had issues with resources, but then on the VPS machines, they're not configured for heavy loads either. Sites with heavy loads are usually shifted off to other locations, utilizing load balancing etc, and at that point utilizing separate WAF systems that negate the need for mod_security.

mod_security itself is designed to detect certain rules and then act upon them. Usually you design it so that it prevents certain situations rather than specifying all the things that it CAN do. As a result, the load impact is usually minimal as it's only looking for things that it CAN'T do, similar to what a software firewall (ConfigServer Firewall for example) operates.
__________________
Conor Treacy
Big Red SEO - SEO, Web Design, PPC Management & Training
ConorTreacy.com <- That's Me! ;)
 
 
 
The Following User Says Thank You to bigredseo For This Useful Post:
Artashes (05-12-2020)
Reply

Thread Tools

New Post New Post   Old Post Old Post
Posting Rules:
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On