ModSecurity is a potent web application layer firewall for Apache web servers. It monitors the whole HTTP traffic to a site without affecting its operation and if it detects an intrusion attempt, it blocks it. The firewall also keeps a more thorough log for the website visitors than any server does, so you will manage to keep an eye on what is going on with your Internet sites better than if you rely only on standard logs. ModSecurity works with security rules based on which it helps prevent attacks. For example, it detects whether somebody is attempting to log in to the administrator area of a certain script a number of times or if a request is sent to execute a file with a particular command. In these circumstances these attempts trigger the corresponding rules and the firewall program hinders the attempts immediately, after that records in-depth information about them inside its logs. ModSecurity is one of the most effective software firewalls on the market and it can easily protect your web applications against a huge number of threats and vulnerabilities, particularly in case you don’t update them or their plugins frequently.
ModSecurity in Website Hosting
ModSecurity can be found with every single website hosting solution that we offer and it is switched on by default for every domain or subdomain that you add through your Hepsia Control Panel. In case it disrupts any of your applications or you'd like to disable it for any reason, you shall be able to achieve that through the ModSecurity section of Hepsia with merely a mouse click. You can also use a passive mode, so the firewall will detect potential attacks and keep a log, but won't take any action. You'll be able to view detailed logs in the very same section, including the IP address where the attack originated from, what precisely the attacker attempted to do and at what time, what ModSecurity did, etcetera. For maximum security of our clients we use a group of commercial firewall rules mixed with custom ones which are added by our system admins.
ModSecurity in Semi-dedicated Servers
ModSecurity is a part of our semi-dedicated server packages and if you decide to host your websites with our company, there will not be anything special you will have to do since the firewall is activated by default for all domains and subdomains that you include through your hosting Control Panel. If required, you'll be able to disable ModSecurity for a particular site or activate the so-called detection mode in which case the firewall will still work and record data, but will not do anything to prevent potential attacks on your Internet sites. In depth logs shall be accessible in your Control Panel and you shall be able to see what sort of attacks occurred, what security rules were triggered and how the firewall handled the threats, what IP addresses the attacks originated from, etcetera. We use two types of rules on our servers - commercial ones from a firm which operates in the field of web security, and custom made ones which our admins often add to respond to newly identified threats on time.
ModSecurity in VPS Servers
All VPS servers which are set up with the Hepsia CP come with ModSecurity. The firewall is set up and activated by default for all domains that are hosted on the web server, so there will not be anything special that you'll need to do to protect your sites. It'll take you only a mouse click to stop ModSecurity if required or to turn on its passive mode so that it records what happens without taking any actions to stop intrusions. You will be able to see the logs created in active or passive mode via the corresponding section of Hepsia and discover more about the type of the attack, where it came from, what rule the firewall employed to tackle it, etc. We employ a mix of commercial and custom rules in order to make certain that ModSecurity will prevent as many risks as possible, consequently enhancing the protection of your web apps as much as possible.
ModSecurity in Dedicated Servers
ModSecurity is offered as standard with all dedicated servers which are set up with the Hepsia Control Panel and is set to “Active” automatically for any domain which you host or subdomain that you create on the hosting server. In the event that a web application doesn't operate properly, you could either turn off the firewall or set it to work in passive mode. The second means that ModSecurity shall maintain a log of any potential attack that might happen, but will not take any action to stop it. The logs produced in active or passive mode will offer you additional details about the exact file that was attacked, the type of the attack and the IP it originated from, etcetera. This information shall enable you to determine what actions you can take to improve the security of your sites, including blocking IPs or performing script and plugin updates. The ModSecurity rules that we employ are updated frequently with a commercial pack from a third-party security provider we work with, but sometimes our admins add their own rules as well in case they identify a new potential threat.