The Webshell protection can cause false positives. It is more recommended on self-hosted servers than on shared servers
In version 1.85 we have added additional options in Settings to control WAF. With new options, you have a neat and simple UI option to whitelist ModSec rules in case you want. Our rules are carefully crafted to avoid false positives and other issues. Also new UI let you to enable additional rules to avoid bad bots and exploiting PHP shell scripts. You can enable/disable the rules based on your preference.
1. WEBSHELL protection:- If you enable this rule set, your server will be protected from the execution of PHP shells like following
Front page may open in web shells, but command execution [ like copy, delete, move, etc ] is blocked.
2. SCANNER protection:- This will help to keep away bad crawlers from your system. This is a major headache for web hosts and causes unnecessary use of system resources. It can block
As always...please contact our support team if you find any difficulties with the additional rules set or the whitelist option.