We are developing extra rules to protect running harmful content (e.g. web shell) on servers, besides our commercial ModSecurity rules set.
When you enable additional rules, it gives you a higher level of security. However, extra rules may also increase the possibility of blocking some legitimate traffic due to false alarms (also named false positives or FPs). It is likely that you will need to add some whitelist for certain applications that need to receive complex input patterns.
If the rules are causing problems, report them to us so that we may develop them better suitably!
Webshell
The front page may open in web shells, but command execution is blocked.
- Phoenix WebShell
- FilesMan
- c99shell
- b374k
- WSO
- Ani-Shell
Scanners
- Bad User-Agents
- Bad search engine crawlers (Cause High loads)
rbl
- Bot’s (Cause DDOS & High loads)
More RBL information here.
reCaptcha
- Bot’s crawling WordPress & Joomla logins (Cause DDOS & High loads)
More reCaptcha information here.
Usage
If you wanna use all rules, then you add extra parameter to download url like:
SecRemoteRules SERIAL https://rules.malware.expert/download.php?rules=generic&extra=webshell,scanner,rbl,recaptcha