Atomic ModSecurity Rule Sets
The Atomic Basic ModSecurity rule set includes the following:
- SQL injection protection.
- Cross-site scripting protection.
- Remote and local file injection/inclusion attack protection.
- Command injection protection.
- Limited virtual patches (The Complete rule set includes all virtual patches. Refer to the following article for an explanation of what a virtual patch is: https://atomicorp.com/jitp).
The complete Advanced ModSecurity Rules by Atomicorp rule set includes the following:
- Full Basic ModSecurity rule set.
- Denial of Service protection.
- Real time blacklists (Supports third party blacklists such as Spamhaus).
- Advanced anti-evasion protection (Prevents someone from trying to bypass the WAF).
- Threat Intelligence protection (This is based on real time attack intelligence reported by other customers, which is then made available in real time to everyone using the complete rules. This means if customer A is attacked by a system, everyone blocks that attacker in real time.)
- Automatic secure whitelisting of search engines (No false positives with search engines: they are automatically detected and whitelisted in a way that prevents spoofing. This ensures that a site's page rank is also protected.)
- Malicious bot protection.
- Automatic removal of malicious code from websites (If a website is compromised, the complete rules will remove the malicious code from the website in real time, without touching any code on the system. This ensures that there is no risk to the customer websites, and also removes anything malicious from them. This means you can use the rules on a system that’s already been compromised, and eliminate the effects of the web application's compromise without having to do anything other than install the rules.)
- Advanced protection rules for SQL injection, XSS, CSRF, RFI, LFI.
- Advanced protection for WordPress, Joomla, Drupal, Magento, and other popular web applications.
- Brute force protection (Detects and blocks web authentication brute force attacks, without relying on either status codes or logs).
- Anti-spam protection (Blocks web spam).
- All Virtual Patches for Zero Day vulnerabilities (Refer to the following article for an explanation of what a virtual patch is: https://atomicorp.com/jitp).
- Data loss protection rules (Protection from credit card theft, sensitive data, error messages that show sensitive data).
- PCI-DSS compliance (Meets PCI-DSS WAF compliance requirements).
- Domain source blocking (You can block a source by the domain name or FQDN that resolves from its IP address.)
- Malware protection.
- Web shell protection (Detects and blocks web shells and other malicious code from running.)
- Whitelisting and blacklisting.
- Advanced false positive prevention (Complete rules contain additional advanced code to prevent false positives.)
- Real time support (False positives are resolved within minutes or hours, although they are very rare with the complete rules.)
- Updates multiple times daily.