Welcome, Guest. [ Log In ]
Question   Extra Web Security
Search KBase

Top 5 in this Area:
1. How can people subscribe to my mailing list?
2. Do you have this perl module installed on your servers?
3. What's the difference between PHP-CGI and PHP as an Apache module?
4. PHP Security
5. How do I dump data into MySQL?

Extra Web Security
The Extra Web Security option (you see it when adding a new domain or editing the web settings for an existing domain) enables the use of a special security module for your website.

Many common attacks that can compromise your website will be blocked by this option. We cannot guarantee that all attacks will be blocked but we will do our best to ensure the most common known attacks will be prevented.

A few specific web applications do not work properly with this option enabled, but most sites will work normally (but with extra security!). At this time, it appears that phpstats, some PHP-based BitTorrent trackers, and possibly some binary image upload scripts may not work. Solid components do not currently work when you have the extra security turned on. No other known problems exist.

FYI: checking this box enables the mod_security apache module on your domain.

Last updated: Jan 11, 2005.

User Post (2005-10-19 17:30:48 by jeof0411)
Has anyone figured out a possible workaround for image upload scripts to work with this? I use b2evolution blog software and I can post OK but image upload is throwing errors.
User Post (2005-08-05 19:14:23 by eleochan)
Definitely having trouble running a bittorrent tracker with this. I don't know if it's simply the script but some things aren't working, like certain variables getting passed in forms and such.
User Post (2005-07-26 18:41:57 by nerdbuc)
Don't know if this is just something weird I'm doing, but it *appears* that having this option on can kill a rails application under fcgi. After disabling it, my rails app actually runs instead of timing out and saying "Unable to start rails application".
User Post (2005-03-17 16:35:37 by dischead)
A good introductory article on mod_security is "Introducing mod_security" by Ivan Ristic (O'Reilly Network, Nov. 26, 2003). http://www.onlamp.com/pub/a/apache/2003/11/26/mod_security.html
User Post (2005-03-16 11:59:02 by elramsay)
Is there any way to see logs or evidence of attacks stopped by enabling mod_security?
User Post (2005-03-01 14:11:47 by todd999)
Will this affect Mamo in any way?
User Post (2005-02-18 10:06:52 by ayfnmanager)
In response to jfmoran3's question about these features being compatible with Drupal, they are. Both "Run PHP as a CGI Module" and "Extra Web Security" are enabled on two DreamHost-hosted domains I run Drupal on.
User Post (2005-01-14 06:32:49 by jim_carson)
<b>Yes</b> this works with movable type. I am running it on my blog, http://www.jimcarson.com.
User Post (2005-01-13 16:55:54 by roncox)
Does anyone know how long it takes for the site to update when enabled?
User Post (2005-01-10 12:59:54 by massarted)
PHPnuke and Gallery seem to work fine. I haven't run into any problems yet. Movabletype seems to work ok, also. I haven't given it a workout yet, but I can post and nothing seems broken.
User Post (2005-01-05 18:51:31 by summetj)
Jellings, can you give specifics of which features in Gallery no longer work?
User Post (2005-01-04 20:30:29 by macmanx)
I've used WordPress v1.2.2 under DH's mod_security implementation for over a month now. I have not noticed any problems.
User Post (2005-01-04 19:33:26 by polydude)
I don't have a definitive answer to the MT question (and I would like one) but you might notice they have a blog at http://www.modsecurity.org/blog/ and it runs MT... A logical conclusion is that it works.
User Post (2005-01-04 16:21:10 by palebear)
I would also be interested to hear if anyone has tried enabling this and is using Moveable Type. I have several sites running MT so I'd want a definitive answer before going for it...
User Post (2004-12-20 04:44:27 by jfmoran3)
Those users with phpNuke should seriously consider drupal. phpNuke will never be as secure as drupal due to XSS issues. There is an image tool in drupal and galleries can be set up.
There are even conversion scripts around.

I'm interested to test this with drupal.
User Post (2004-12-19 01:32:47 by jeremyyip)
Does this work for movabletype? I'm running movable type at the moment, I really want the extra security, but I really don't want to break my MT installation. Anyone tried it with MT?
User Post (2004-12-16 08:31:23 by jellings)
Gallery applications DO seem to be affected as some features on my installs do not work.
User Post (2004-12-14 13:27:04 by elramsay)
This looks like a great feature for additional security. Curious to know more about what scripts might break using it. For example, will it work with PHPnuke 7.x, Gallery and Coppermine? These scripts are used by a lot of Dreamhostees and are prome to the kind of attacks this script should help prevent.
User Post (2004-12-13 22:53:12 by mattjaybe)
Looking for more information, I believe this website has information on this server module: http://www.modsecurity.org/

Looks like a great module, thanks to Dreamhost for providing this option. It's always nice to have a greater peace of mind.