For several months now, we have been using a security module called ModSecurity, which allows us to better protect your sites by filtering Web requests through predefined rulesets. Today, we are deploying a major update on this system and activating new complementary features to improve its efficiency and performance.
In a nutshell, ModSecurity allows us:
- the optimization of performances by controlling web requests that abuse resources on our servers
- a more efficient and centralized control over the protection of your sites
Optimized Functionnalities
Here are the main ModSecurity functions that will be optimized.
Dynamic Banned IP Address List
Our system recuperates lists of known IP addresses that attempt to send spam or that pollute forums and blogs. We recuperate these lists from valid sources that combat spam and from addresses we compile ourselves.
The IP addresses that are blocked by our system no longer have Web access to our servers, which allows for a greater management of preventive security management.
More Precise Rules
The ModSecurity configurations are now more precise, therefore allowing us to avoid the accidental blocking of legitimate requests. Additionally, these configurations that can often use a lot of server resources have been optimized, ensuring us optimal performances along the process.
Centralization
As soon as a threatening source has been detected on a server, we can block it off 3 ways: by IP address, by referrer or by user-agent. The threats are then blocked on all our servers, thereby protecting all our infrastructure instead of a single server at a time. In addition to reducing our reaction time, this automated blocking allows us to be optimal and constant when it comes to the security of our infrastructures.
Protection Against Brute Force Attacks
A brute force attack is a method used by hackers to find an access password to a connection page. The method consists of attempting all possible combinations, one by one, which is a good reason for you to make sure you use a password that is not too easy! Attacks like we have recently seen on WordPress can be mitigated, and our ModSecurity update can reduce the impacts of these attacks.
Customer Impact: None
These optimizations should not affect you other than positively. However, should you encounter a problem such as seeing a 403 or 406 error page instead of your website, immediately contact our support staff. That being said, we do not expect any negative impacts following the optimization of ModSecurity.
