Learn what ModSecurity is, how it works and what exactly it does to protect your sites and applications.
ModSecurity is a highly effective firewall for Apache web servers which is used to stop attacks toward web applications. It monitors the HTTP traffic to a certain Internet site in real time and stops any intrusion attempts as soon as it discovers them. The firewall relies on a set of rules to do that - as an example, attempting to log in to a script administrator area unsuccessfully several times activates one rule, sending a request to execute a certain file which may result in accessing the Internet site triggers another rule, and so forth. ModSecurity is among the best firewalls available and it will preserve even scripts that are not updated often because it can prevent attackers from employing known exploits and security holes. Incredibly detailed data about each intrusion attempt is recorded and the logs the firewall maintains are a lot more comprehensive than the standard logs created by the Apache server, so you could later analyze them and decide if you need to take additional measures so as to improve the security of your script-driven websites.
ModSecurity in Shared Website Hosting
We offer ModSecurity with all shared website hosting
packages, so your Internet applications will be shielded from malicious attacks. The firewall is activated by default for all domains and subdomains, but if you'd like, you shall be able to stop it through the respective section of your Hepsia CP. You'll be able to also switch on a detection mode, so ModSecurity shall keep a log as intended, but shall not take any action. The logs that you shall find inside Hepsia are extremely detailed and offer info about the nature of any attack, when it took place and from what IP address, the firewall rule which was triggered, and so on. We use a group of commercial rules which are frequently updated, but sometimes our admins add custom rules as well so as to efficiently protect the websites hosted on our servers.
ModSecurity in Semi-dedicated Servers
Any web app you install inside your new semi-dedicated server
account shall be protected by ModSecurity as the firewall comes with all our hosting solutions and is switched on by default for any domain and subdomain you include or create using your Hepsia hosting CP. You shall be able to manage ModSecurity via a dedicated section within Hepsia where not only can you activate or deactivate it entirely, but you may also switch on a passive mode, so the firewall will not block anything, but it'll still maintain an archive of possible attacks. This requires only a mouse click and you will be able to view the logs regardless of if ModSecurity is in passive or active mode through the same section - what the attack was and where it came from, how it was addressed, etc. The firewall employs 2 sets of rules on our servers - a commercial one which we get from a third-party web security firm and a custom one which our administrators update personally as to respond to recently discovered threats as quickly as possible.
ModSecurity in VPS Servers
Protection is very important to us, so we set up ModSecurity on all VPS servers
that are set up with the Hepsia Control Panel by default. The firewall can be managed via a dedicated section within Hepsia and is switched on automatically when you add a new domain or create a subdomain, so you will not have to do anything by hand. You will also be able to disable it or switch on the so-called detection mode, so it will keep a log of potential attacks you can later examine, but shall not block them. The logs in both passive and active modes include information regarding the form of the attack and how it was prevented, what IP address it came from and other useful information that could help you to tighten the security of your sites by updating them or blocking IPs, for example. Besides the commercial rules that we get for ModSecurity from a third-party security enterprise, we also employ our own rules since once in a while we identify specific attacks that are not yet present in the commercial group. This way, we can easily enhance the protection of your Virtual private server immediately rather than awaiting a certified update.
ModSecurity in Dedicated Servers
ModSecurity is provided as standard with all dedicated servers
that are set up with the Hepsia Control Panel and is set to “Active” automatically for any domain which you host or subdomain that you create on the hosting server. In the event that a web application doesn't operate adequately, you could either switch off the firewall or set it to work in passive mode. The latter means that ModSecurity shall maintain a log of any potential attack which might occur, but will not take any action to stop it. The logs generated in passive or active mode shall offer you more details about the exact file which was attacked, the nature of the attack and the IP address it came from, etc. This info shall permit you to determine what measures you can take to improve the security of your Internet sites, for instance blocking IPs or carrying out script and plugin updates. The ModSecurity rules that we use are updated regularly with a commercial pack from a third-party security firm we work with, but oftentimes our administrators add their own rules as well in case they identify a new potential threat.