Submitted by Admin on 21/Mar/2011 13:11
As server admin's, we always strive to provide top notch service and support. Running a server not only involves keeping the server online, but also we have to ensure that data on the server remains secure and safe.
Security is a big problem for anything that is online, but for a server running several websites, this problem is further accentuated. Following are some popular types of attacks which are attempted on the web server :
These attacks happen generally due to poor coding. in-complete testing and just plain simple ignorance. It is practically impossible for us to lead each webmaster by hand and tell them to do things the right way. Instead we deploy a Web Server Firewall i.e. http://www.modsecurity.org/. This software acts the same was as an Operating System's firewall, stops bad requests, and let the good ones go.
So how does ModSecurity work? - ModSecurity is an Apache Module (the web server) that filters both GET and POST requests and lets only those requests pass through which it deems fit, Denied requests are responded with '406 - Not Acceptable' error. In-case the same request is repeated multiple times, access to the server itself is denied to the originating IP address.
Most of the times the above scenario works fine, but in certain cases access to even genuine requests is denied. At this point we can say that a Security practice interferes with Usability requirements. Ideally we wish that the client is able to resolve the issue within the bounds of ModSecurity, but in many a case, we need to put ignore rules for particular website and/or paths.
So next time it happens to your site, please call us on 0172-4648208, 4648308 and have it sorted out
Security is a big problem for anything that is online, but for a server running several websites, this problem is further accentuated. Following are some popular types of attacks which are attempted on the web server :
- SQL Injection - http://en.wikipedia.org/wiki/Sql_injection
- Uploading of dangerous scripts via file uploading functionality - http://packwebhosting.com/content/file-uploading-safer-way-php-module
- XSS Attack (Cross Site Scripting) - http://en.wikipedia.org/wiki/Cross-site_scripting
These attacks happen generally due to poor coding. in-complete testing and just plain simple ignorance. It is practically impossible for us to lead each webmaster by hand and tell them to do things the right way. Instead we deploy a Web Server Firewall i.e. http://www.modsecurity.org/. This software acts the same was as an Operating System's firewall, stops bad requests, and let the good ones go.
So how does ModSecurity work? - ModSecurity is an Apache Module (the web server) that filters both GET and POST requests and lets only those requests pass through which it deems fit, Denied requests are responded with '406 - Not Acceptable' error. In-case the same request is repeated multiple times, access to the server itself is denied to the originating IP address.
Most of the times the above scenario works fine, but in certain cases access to even genuine requests is denied. At this point we can say that a Security practice interferes with Usability requirements. Ideally we wish that the client is able to resolve the issue within the bounds of ModSecurity, but in many a case, we need to put ignore rules for particular website and/or paths.
So next time it happens to your site, please call us on 0172-4648208, 4648308 and have it sorted out
