United States United States

What is the Application Firewall and why is it active?

The application firewall checkbox shows the status of ModSecurity. You can find this setting when you edit a subdomain via the link "Settings »" next to the textbox for webspace content when editing a subdomain. It's generally recommended to leave this checked since it prevents the exploitation of many security risks. Examples are:

HTTP protection - detecting violations of the HTTP protocol and a locally defined usage policy.
Common Web Attacks Protection - detecting common web application security attack.
Automation detection - Detecting bots, crawlers, scanners and other surface malicious activity.
Trojan Protection - Detecting access to and from Trojan horses.
Errors Hiding – Disguising error messages sent by the server to avoid the exploitation of errors (you can toggle this off via the PHP setting "display errors")

The application firewall should only be deactivated by technically versed users and even then it should only be done for testing purposes.