Plesk & SocialBee have teamed up. Save 30% now!

Get the Deal

Knowledge Base

Atomic ModSecurity Rule Sets

 
administrator guideserver administrationweb application firewall modsecurityanti spamanti spam protection

The Atomic Basic ModSecurity rule set includes the following:

  • SQL injection protection.
  • Cross-site scripting protection.
  • Remote and local file injection/inclusion attack protection.
  • Command injection protection.
  • Limited virtual patches (The Complete rule set includes all virtual
    patches. Refer to the following article for explanation what is a
    virtual patch: https://atomicorp.com/jitp).

The complete Advanced ModSecurity Rules by Atomicorp rule set includes
the following:

  • Full Basic ModSecurity rule set.
  • Denial of Service protection.
  • Real time blacklists (Supports third party blacklists such as
    Spamhaus).
  • Advanced anti-evasion protection (Prevents someone from trying to
    bypass the WAF).
  • Threat Intelligence protection (This is based on real time attack
    intelligence reported by other customers, which is then make
    available in real time to everyone using the complete rules. This
    means if customer A is attacked by a system, everyone blocks that
    attacker in real time.)
  • Automatic secure whitelisting of search engines (No false positives
    with search engines, they are automatically detected and whitelisted
    in a way that prevents spoofing. This ensures that sites page rank is
    also protected.)
  • Malicious bot protection.
  • Automatic removal of malicious code from websites (If a website is
    compromised, the complete rules will remove the malicious code from
    the website in real time, without touching any code on the system.
    This ensures that there is no risk to the customer websites, and also
    removes anything malicious from them. This means you can use the
    rules on a system that’s already been compromised, and eliminate the
    effects of the web applications compromise without having to do
    anything other than install the rules.)
  • Advanced protection rules for SQL injection, XSS, CSRF, RFI, LFI.
  • Advanced protection for WordPress, Joomla, Drupal, Magento, and other
    popular web applications.
  • Brute force protection (Detects and blocks web authentication brute
    force attacks, without relying on either status codes or logs).
  • Anti-spam protection (Blocks web spam).
  • All Virtual Patches for Zero Day vulnerabilities (Refer to the
    following article for explanation what is a virtual patch:
    https://atomicorp.com/jitp).
  • Data loss protection rules (Protection from credit card theft,
    sensitive data, error messages that show sensitive data).
  • PCI-DSS compliance (Meets PCI-DSS WAF compliance requirements).
  • Domain source blocking (You can block a source by the domain name or
    FQDN that resolves from its IP address.)
  • Malware protection.
  • Web shell protection (Detects and blocks web shells and other
    malicious code from running.)
  • Whitelisting and blacklisting.
  • Advanced false positive prevention (Complete rules contain additional
    advanced code to prevent false positives.)
  • Real time support (False positives are resolved within minutes or
    hours, although they are very rare with the complete rules.)
  • Updates multiple times daily.
Read the full article
Related Posts
Knowledge Base

Hosting Wiki

Industry
Partners

industry-partner_ALIBABA
industry-partner_GOOGLEPARTNER
industry-partner_MICROSOFT
industry-partner_REDHAT-r2
industry-partner_ALIBABA
industry-partner_AUTOMATTIC
industry-partner_AWS
industry-partner_DIGITALOCEAN
industry-partner_SCALEWAY

Follow us:

Facebook Twitter Linkedin Youtube Github

© 2024 WebPros International GmbH. All rights reserved. Plesk and the Plesk logo are trademarks of WebPros International GmbH.

Managed with love with Plesk WP Toolkit