Implementation of Web Application Firewall on Shared Server
Web application security has been a major concern over the past few years. Every minute, one website or another is hacked or defaced. Most compromised websites are not defaced outright; instead they are used to distribute viruses and malware to visitors and thereby steal sensitive data from their computers. A compromised website also suffers a poor reputation, which reduces its search engine visibility and eventually results in loss of business. Moreover, many websites are hosted on shared hosting servers, and if a server is not properly secured, a compromise of one website may affect the others too. Overall, it is a lose-lose situation for all.
Salient Features of Web Application Firewall
• Protection from Website Defacement
• Protection from XML Attacks
• Protection from SQL Injection
• Protection from Cross Site Scripting attacks
• Protection from Advanced CSRF Attacks
• File and Code injection protection
• Cookie and Credential Theft Protection
• Remote Command Execution protection
• Protection from Path Traversal vulnerabilities
• Protection from Cookie Poisoning
And many other web application security threats.
What will happen if my website is vulnerable?
The web application firewall will protect websites from all the attacks listed above. This means that if a website has vulnerable code or plugins, any request that looks like an attack will be blocked by the firewall. As a result, certain pages or the whole website may show 404 or 406 errors to visitors.
How can I find what kind of requests are blocked by the firewall?
Initially, customers do not have an option to view which requests are blocked by the firewall. You can contact the support department to find out which requests were blocked; the support team will provide the detailed log.
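To tell support which pages are affected, you can first list the requests that returned 404 or 406 in your website's own access log. The Python script below is an added example, not a QualiSpace tool; it assumes your hosting control panel lets you download the access log in Apache combined log format, and the sample lines in it are constructed.

```python
import re
from collections import defaultdict

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

# Status codes the article says visitors see when the firewall blocks a request.
# 404 is also returned for pages that really are missing, so treat it as a hint only.
BLOCK_STATUSES = {"404", "406"}

def summarize_blocked(lines, statuses=BLOCK_STATUSES):
    """Group matching requests by (status, method, path) with count and first/last time."""
    groups = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["status"] not in statuses:
            continue  # unparseable line, or a status we are not interested in
        path = m["target"].split("?", 1)[0]  # drop the query string: it may hold personal data
        g = groups[(m["status"], m["method"], path)]
        g["count"] += 1
        g["first"] = g["first"] or m["time"]
        g["last"] = m["time"]
    # Most frequent first, so the pages visitors hit most often are at the top.
    return sorted(groups.items(), key=lambda kv: (-kv[1]["count"], kv[0]))

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2015:10:01:02 +0530] "POST /contact.php HTTP/1.1" 406 226 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2015:10:01:09 +0530] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.4 - - [12/Mar/2015:10:05:44 +0530] "POST /contact.php HTTP/1.1" 406 226 "-" "Mozilla/5.0"
198.51.100.4 - - [12/Mar/2015:10:07:13 +0530] "GET /search.php?q=shoes HTTP/1.1" 404 198 "-" "Mozilla/5.0"
""".splitlines()

if __name__ == "__main__":
    for (status, method, path), info in summarize_blocked(SAMPLE_LOG):
        print(status, method, path, info["count"], info["first"], info["last"])
```

Send the paths and timestamps it lists to the support team so they can match them against the firewall log.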
What should I do to prevent my requests from being blocked?
It is very important that you fix all the vulnerabilities in your website(s) so that requests are not blocked by the firewall. Some preventive actions you may take are listed below:
• Scan your website with an online scanner like Acunetix (https://www.acunetix.com) to find the vulnerabilities present in it. (Acunetix has no connection with QualiSpace; it is just a third-party tool used for vulnerability scanning.)
• Upgrade WordPress, Joomla and any other CMS you may be using for your website to their latest versions.
• Upgrade all the third-party plugins and themes used in your website to their latest versions.
• Remove all unwanted plugins and themes, and replace the ones that are known to be vulnerable.
• Upgrade your custom-built PHP websites to use PHP 5.4 functions and methods.
• Enable Captcha in all web forms.
It is very important to keep your websites updated and free of vulnerabilities to prevent attacks on them.
A secure website will ensure peace of mind.