ModSecurity is a plugin for Apache web servers which functions as a web app layer firewall. It's employed to stop attacks against script-driven sites by employing security rules which contain specific expressions. In this way, the firewall can stop hacking and spamming attempts and shield even sites that are not updated regularly. For example, numerous failed login attempts to a script administrative area or attempts to execute a certain file with the objective to get access to the script shall trigger certain rules, so ModSecurity shall stop these activities the moment it identifies them. The firewall is incredibly efficient since it monitors the entire HTTP traffic to a website in real time without slowing it down, so it can stop an attack before any damage is done. It additionally maintains an incredibly thorough log of all attack attempts which includes more information than traditional Apache logs, so you can later check out the data and take extra measures to boost the security of your websites if needed.
ModSecurity in Shared Web Hosting
ModSecurity can be found with every shared web hosting
package which we offer and it's turned on by default for every domain or subdomain which you include through your Hepsia Control Panel. If it interferes with any of your applications or you would like to disable it for some reason, you shall be able to achieve that through the ModSecurity area of Hepsia with simply a click. You could also activate a passive mode, so the firewall will recognize potential attacks and maintain a log, but shall not take any action. You can see extensive logs in the exact same section, including the IP where the attack originated from, what exactly the attacker aimed to do and at what time, what ModSecurity did, etcetera. For max safety of our clients we use a set of commercial firewall rules blended with custom ones which are included by our system admins.
ModSecurity in Semi-dedicated Servers
ModSecurity is a part of our semi-dedicated server
solutions and if you decide to host your Internet sites with us, there will not be anything special you'll need to do given that the firewall is turned on by default for all domains and subdomains which you add through your hosting Control Panel. If necessary, you'll be able to disable ModSecurity for a particular website or enable the so-called detection mode in which case the firewall will still function and record data, but won't do anything to stop possible attacks against your websites. Detailed logs shall be readily available inside your CP and you'll be able to see what sort of attacks took place, what security rules were triggered and how the firewall dealt with the threats, what Internet protocol addresses the attacks originated from, etc. We use two kinds of rules on our servers - commercial ones from an organization which operates in the field of web security, and customized ones which our admins occasionally add to respond to newly discovered threats promptly.
ModSecurity in VPS Servers
ModSecurity is provided with all Hepsia-based VPS servers
we offer and it'll be activated automatically for every new domain or subdomain that you add on the hosting server. In this way, any web application that you install shall be secured from the very beginning without doing anything manually on your end. The firewall may be handled from the section of the Control Panel that bears the same name. This is the area whereyou can turn off ModSecurity or enable its passive mode, so it won't take any action towards threats, but will still maintain a detailed log. The recorded information is available inside the same section as well and you'll be able to see what IPs any attacks came from to enable you to block them, what the nature of the attempted attacks was and based upon what security rules ModSecurity reacted. The rules which we use on our servers are a blend between commercial ones we get from a security firm and custom ones which are added by our staff to enhance the protection of any web apps hosted on our end.
ModSecurity in Dedicated Servers
ModSecurity is offered as standard with all dedicated servers
which are set up with the Hepsia CP and is set to “Active” automatically for any domain you host or subdomain that you create on the hosting server. In the event that a web application doesn't work properly, you can either disable the firewall or set it to function in passive mode. The second means that ModSecurity will maintain a log of any possible attack which might occur, but won't take any action to stop it. The logs produced in active or passive mode will provide you with additional details about the exact file that was attacked, the type of the attack and the IP address it came from, etcetera. This info will allow you to determine what steps you can take to improve the security of your Internet sites, for instance blocking IPs or performing script and plugin updates. The ModSecurity rules which we use are updated constantly with a commercial pack from a third-party security provider we work with, but from time to time our staff add their own rules as well if they identify a new potential threat.