The Webshell protection can cause false positives. It is more recommended on self-hosted servers than on shared servers
In version 1.85 we have added additional options in Settings to control WAF. With new options, you have a neat and simple UI option to whitelist ModSec rules in case you want. Our rules are carefully crafted to avoid false positives and other issues. Also new UI let you to enable additional rules to avoid bad bots and exploiting PHP shell scripts. You can enable/disable the rules based on your preference.
1. RBL Protection:- Recommended This provides the advanced DDoS protection for POST attacks [ brute-force, script exploits ] and blocks common abusive IP addresses collected through our network of servers with cPGuard installed. We recommend to turn this ON as it can help to block many attacks before reaching your application and helps to reduce server load.
2. Captcha Protection :- Recommended This rule set will enforce all users to verify not as bot before accessing the CMS [ like WordPress, Joomla, etc ] login pages or submitting the login credentials. Once they are identified as real user, they will be able to llogin to their website. This can greatly reduce the load due to brute-force attacks.
3. WEBSHELL protection:- If you enable this rule set, your server will be protected from the execution of PHP shells like following
- Phoenix WebShell
Front page may open in web shells, but command execution [ like copy, delete, move, etc ] is blocked. You can enable this rules set if you control all the web apps on your server.
4. SCANNER protection:- Recommended This will help to keep away bad crawlers from your system. This is a major headache for web hosts and causes unnecessary use of system resources. It can block
- Bad User-Agents
- Bad search engine crawlers (Cause High loads)
As always...please contact our support team if you find any difficulties with the additional rules set or the whitelist option.