ModSecurity is a powerful web application layer firewall for Apache web servers. It monitors the entire HTTP traffic to an Internet site without affecting its performance and in case it discovers an intrusion attempt, it blocks it. The firewall furthermore maintains a more thorough log for the traffic than any web server does, so you will manage to keep an eye on what is happening with your sites better than if you rely simply on conventional logs. ModSecurity uses security rules based on which it stops attacks. For example, it recognizes if someone is trying to log in to the administration area of a particular script multiple times or if a request is sent to execute a file with a particular command. In such situations these attempts set off the corresponding rules and the firewall blocks the attempts in real time, then records detailed information about them within its logs. ModSecurity is one of the best software firewalls on the market and it could easily protect your web apps against a huge number of threats and vulnerabilities, particularly if you don’t update them or their plugins often.
ModSecurity in Cloud Website Hosting
ModSecurity comes by default with all cloud website hosting
solutions that we offer and it'll be switched on automatically for any domain or subdomain that you add/create within your Hepsia hosting CP. The firewall has three different modes, so you'll be able to switch on and disable it with only a click or set it to detection mode, so it will maintain a log of all attacks, but it shall not do anything to prevent them. The log for each of your sites shall feature comprehensive info which includes the nature of the attack, where it originated from, what action was taken by ModSecurity, etc. The firewall rules we use are regularly updated and comprise of both commercial ones which we get from a third-party security business and custom ones that our system admins include in the event that they detect a new kind of attacks. In this way, the sites you host here shall be much more protected with no action required on your end.
ModSecurity in Semi-dedicated Servers
ModSecurity is part of our semi-dedicated server
plans and if you decide to host your Internet sites with our company, there shall not be anything special you'll have to do since the firewall is turned on by default for all domains and subdomains you include using your hosting Control Panel. If necessary, you could disable ModSecurity for a certain site or activate the so-called detection mode in which case the firewall shall still operate and record info, but won't do anything to prevent potential attacks on your websites. In depth logs shall be readily available within your Control Panel and you will be able to see what sort of attacks happened, what security rules were triggered and how the firewall dealt with the threats, what IP addresses the attacks originated from, etc. We use two kinds of rules on our servers - commercial ones from an organization that operates in the field of web security, and custom ones that our administrators occasionally include to respond to newly discovered risks in a timely manner.
ModSecurity in VPS Servers
ModSecurity is pre-installed on all VPS servers
that are offered with the Hepsia hosting Control Panel, so your web programs shall be secured from the second your server is ready. The firewall is switched on by default for any domain or subdomain on the Virtual Private Server, but if required, you can deactivate it with a click through the corresponding section of Hepsia. You may also set it to function in detection mode, so it'll keep an extensive log of any possible attacks without taking any action to prevent them. The logs can be found in the very same section and provide details about the nature of the attack, what IP it originated from and what ModSecurity rule was triggered to stop it. For maximum security, we employ not only commercial rules from a business working in the field of web security, but also custom ones which our admins add personally so as to react to new threats that are still not dealt with in the commercial rules.
ModSecurity in Dedicated Servers
ModSecurity is provided by default with all dedicated servers
that are set up with the Hepsia CP and is set to “Active” automatically for any domain that you host or subdomain that you create on the server. In the event that a web app doesn't work properly, you can either turn off the firewall or set it to work in passive mode. The second means that ModSecurity shall keep a log of any potential attack which could occur, but will not take any action to stop it. The logs produced in passive or active mode will give you additional details about the exact file that was attacked, the nature of the attack and the IP it originated from, etc. This info shall allow you to choose what steps you can take to improve the safety of your sites, such as blocking IPs or carrying out script and plugin updates. The ModSecurity rules we use are updated often with a commercial pack from a third-party security firm we work with, but oftentimes our admins include their own rules too if they find a new potential threat.