{"id":24117,"date":"2022-02-02T14:21:03","date_gmt":"2022-02-02T14:21:03","guid":{"rendered":"https:\/\/1-grid.com\/knowledge\/mod_security-protecting-your-site-from-code-injection\/"},"modified":"2023-10-19T12:58:57","modified_gmt":"2023-10-19T12:58:57","slug":"mod_security-protecting-your-site-from-code-injection","status":"publish","type":"ht_kb","link":"https:\/\/1grid.co.za\/knowledge\/mod_security-protecting-your-site-from-code-injection\/","title":{"rendered":"Mod_security: Protecting your site from code injection"},"content":{"rendered":"

This article provides you with information regarding why Mod_security application firewall is so important in both shared and VPS environments.<\/p><\/blockquote>\n

 <\/p>\n

 <\/p>\n

What is mod_security?<\/strong><\/h2>\n

Apache (Your web server software) comes with a module called “mod_security” that protects your website from attackers that compromise your site through the web URL’s. Code can be added to the end of your web URL that can contains SQL statements. This SQL statement can delete, insert data, or do other damages to your website when mod_security is disabled. A common URL injection looks like the following:<\/p>\n

http:\/\/www.domain.com\/index.php?username=admin'\">DROP%20TABLE%20wp-users--<\/pre>\n
In this case, the database table called users will be deleted from the database with the DROP statement. Servers running mod_security will flag that URL as a Hack attempt and result in a 406 error.<\/p>\n
 <\/p>\n
 <\/p>\n
 <\/p>\n
How do I work around mod_security?<\/strong><\/h2>\n
 <\/p>\n
If you are getting 406 errors on your site due to mod_security you can do one of the following:<\/p>\n
 <\/p>\n