The Web Application Firewall (WAF) mod security screens and prevents known dangerous HTTP requests. Many, but not all, types of Brute Force, Cross-Site Scripting (XSS), Remote File Inclusion (RFI), Remote Execution, and SQL injection (SQLi) attacks are blocked HTTP requests.
Mod security is enabled by default on GreggHost for free. The ‘Extra Web Security’ option in the panel can be used to enable or disable this capability.
Where to enable this feature?
The panel has two parts to which this can be added:
On the Domains page, click Manage.
When making changes to SSL settings,
Enabling mod_security on the ‘Manage Domains’ page
Go to the Manage Domains section.
Under the Web Hosting column, click the Edit button.
The page Manage Domains appears:
Activate enhanced security.
The checkbox labelled Extra Web Security? is activated by default in the Web Options section.
Uncheck this box and save the modification if you want to disable mod security (s).
Extra Web Security enables you to use a unique security module on your website. This option blocks many common attacks that can damage your website, but it does not guarantee that all attacks will be avoided. GreggHost proactively guarantees that the most commonly known attacks are blocked when Extra Web Security is activated.
The HTTP response code 418 is used by GreggHost. The request was banned by mod security if you have 418 response codes in your access.log files. However, this could indicate that a request to your website was restricted rather than a specific user. To figure out what triggered the 418 error, go through your log entries.
The matching date stamped error.log item often contains further information about the block. Please don’t hesitate to contact support at Contact Support if you’re having problems figuring out why you’re getting a 418 error in your log files.
GreggHost’s mod_security rules
While the majority of GreggHost’s mod security rule set is custom built as threats emerge, the OWASP mod security Core Rules Set is the foundation of GreggHost’s mod security rule set.
‘Unused’ error message
When a user visits your site and receives a 418 error response, the following error message appears:
Unused. The server was unable to finish your request due to an internal problem or misconfiguration.
The 418 error indicates that mod security has imposed a temporary ban on the server. Multiple failed login attempts to a WordPress site are the most common cause of this. After the message has been triggered, all additional attempts to access the login page will result in the message being displayed.
Once this ban has been triggered, GreggHost support is unable to remove it. The user must stop accessing the server for 10 minutes for the ban to be lifted.
If you’re seeing the 418 issue when you’re not logged into your WordPress site, check your error and access logs for 418 response codes, or contact Support.
An important note about modifying .htaccess mod_security rules
At present time, disabling and altering mod security rules via.htaccess is not supported.