Web Application Firewall
Plesk provides an integrated Web Application Firewall feature via mod_security. This is an advanced feature, so by default it’s turned off.
When you come to enable it (Tools & Settings > Security > Web Application Firewall), you’ll notice that in addition to a Detection only mode (to preview which requests would be blocked), you can also choose from a variety of different predefined Rule sets, or define your own custom rules.
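An added example (not Plesk's or Atomic's code): while the firewall is in Detection only mode, this Python script tallies the ModSecurity entries in a web server error log by rule ID and URI, so you can review what would be blocked before turning enforcement on. The log lines, rule IDs, hostnames and addresses are constructed, and a ModSecurity 2.x-style Apache error-log layout is assumed.

```python
import re
from collections import defaultdict

# Constructed sample log (assumed ModSecurity 2.x / Apache error-log layout).
# Rule ids, messages, hosts and addresses are invented; the last entry shows
# what a hit looks like once the engine is switched from Detection only to On.
SAMPLE_LOG = """\
[Mon Mar 03 10:15:01.123456 2025] [:error] [pid 2101] [client 203.0.113.7:51234] ModSecurity: Warning. Pattern match "<script" at ARGS:q. [file "/constructed/xss.conf"] [line "12"] [id "100001"] [msg "Constructed XSS rule"] [severity "CRITICAL"] [hostname "shop.example.com"] [uri "/search"] [unique_id "a1"]
[Mon Mar 03 10:16:40.000100 2025] [:error] [pid 2101] [client 198.51.100.20:40112] ModSecurity: Warning. Pattern match "<iframe" at ARGS:content. [file "/constructed/html.conf"] [line "30"] [id "100002"] [msg "Constructed HTML-in-body rule"] [severity "WARNING"] [hostname "blog.example.com"] [uri "/wp-admin/post.php"] [unique_id "a2"]
[Mon Mar 03 10:18:02.000200 2025] [:error] [pid 2102] [client 198.51.100.21:40977] ModSecurity: Warning. Pattern match "<iframe" at ARGS:content. [file "/constructed/html.conf"] [line "30"] [id "100002"] [msg "Constructed HTML-in-body rule"] [severity "WARNING"] [hostname "blog.example.com"] [uri "/wp-admin/post.php"] [unique_id "a3"]
[Mon Mar 03 10:19:00.000300 2025] [core:notice] [pid 2100] AH00094: Command line: '/usr/sbin/httpd'
[Mon Mar 03 11:02:13.000400 2025] [:error] [pid 2103] [client 203.0.113.7:51900] ModSecurity: Access denied with code 403 (phase 2). Operator GT matched 10 at IP:fails. [file "/constructed/brute.conf"] [line "5"] [id "100003"] [msg "Constructed brute force rule"] [severity "CRITICAL"] [hostname "shop.example.com"] [uri "/login"] [unique_id "a4"]
"""

FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')    # [id "100001"], [uri "/x"], ...
CLIENT = re.compile(r'\[client ([^\]\s]+?)(?::\d+)?\]')  # address without the port

def parse_line(line):
    """Return a dict for one ModSecurity entry, or None for unrelated lines."""
    if "ModSecurity: " not in line:
        return None
    action = line.split("ModSecurity: ", 1)[1]
    event = dict(FIELD.findall(line))
    client = CLIENT.search(line)
    event["client"] = client.group(1) if client else "?"
    # "Warning." means logged only; "Access denied" means the request was blocked.
    event["enforced"] = action.startswith("Access denied")
    return event if "id" in event else None

def summarize(log_text):
    """Group hits by (rule id, URI): total hits, distinct clients, enforced hits."""
    stats = defaultdict(lambda: {"hits": 0, "clients": set(), "enforced": 0, "msg": ""})
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is None:
            continue
        row = stats[(event["id"], event.get("uri", "?"))]
        row["hits"] += 1
        row["clients"].add(event["client"])
        row["enforced"] += event["enforced"]
        row["msg"] = event.get("msg", "")
    return dict(stats)

if __name__ == "__main__":
    ranked = sorted(summarize(SAMPLE_LOG).items(), key=lambda kv: -kv[1]["hits"])
    for (rule_id, uri), row in ranked:
        print(rule_id, uri, row["hits"], len(row["clients"]), row["enforced"], row["msg"])
```

A rule that fires on the same URI for several distinct clients doing ordinary work (here, the constructed rule 100002 on a post editor) is the kind of entry to review for a whitelist exception before leaving Detection only mode.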
Creating and maintaining security rules that are effective at blocking malicious traffic whilst also allowing your legitimate traffic to flow freely is a difficult and time-consuming task. Thankfully, others are already doing this for you! However, not all rule sets are equal.
Here we compare the two most popular options, both powered by Atomic: Basic ModSecurity (free), and Advanced ModSecurity Rules (provided by the Security Core Complete subscription add-on):
|Basic ModSecurity||Advanced ModSecurity Rules|
|Cross-site scripting (XSS)|
|Remote file inclusion (RFI)|
|Local file inclusion (LFI)|
|Advanced protection for WordPress, Joomla, Drupal, and Magento|
|Malicious website code suppression|
|Web shell blocking|
|Brute force protection|
|Data loss protection|
|Comment form spam|
|Advanced false positive prevention|
|Real-time correction to false positive rules|
|Search engine spider whitelist|
|Manual override (whitelisting)|
|Real-time blacklists|
|Crowd-sourced threat intelligence|
|Rules updated multiple times per day|