ModSecurity is an efficient firewall for Apache web servers that is used to stop attacks toward web applications. It tracks the HTTP traffic to a certain site in real time and blocks any intrusion attempts the instant it detects them. The firewall uses a set of rules to do this - for example, attempting to log in to a script administrator area without success many times triggers one rule, sending a request to execute a specific file which may result in gaining access to the site triggers another rule, and so on. ModSecurity is among the best firewalls out there and it will preserve even scripts that are not updated on a regular basis because it can prevent attackers from using known exploits and security holes. Quite comprehensive data about each intrusion attempt is recorded and the logs the firewall keeps are a lot more detailed than the regular logs created by the Apache server, so you can later take a look at them and decide whether you need to take more measures so as to enhance the safety of your script-driven websites.
ModSecurity in Shared Website Hosting
ModSecurity is offered with every shared website hosting plan which we offer and it's switched on by default for every domain or subdomain which you add via your Hepsia CP. If it interferes with any of your applications or you would like to disable it for any reason, you will be able to do that through the ModSecurity section of Hepsia with just a mouse click. You could also activate a passive mode, so the firewall will recognize possible attacks and keep a log, but won't take any action. You can view comprehensive logs in the very same section, including the IP where the attack came from, what exactly the attacker aimed to do and at what time, what ModSecurity did, and so on. For maximum security of our clients we use a collection of commercial firewall rules blended with custom ones which are included by our system administrators.
ModSecurity in Semi-dedicated Servers
All semi-dedicated server solutions which we offer come with ModSecurity and since the firewall is turned on by default, any Internet site you set up under a domain or a subdomain will be protected right away. A separate section within the Hepsia Control Panel which comes with the semi-dedicated accounts is devoted to ModSecurity and it shall enable you to start and stop the firewall for any Internet site or enable a detection mode. With the last mentioned, ModSecurity will not take any action, but it will still identify possible attacks and shall keep all information within a log as if it were fully active. The logs can be found in the exact same section of the Control Panel and they offer specifics about the IP where an attack came from, what its nature was, what rule ModSecurity applies to recognize and stop it, and so forth. The security rules which we use on our servers are a mix between commercial ones from a security business and custom ones created by our system admins. As a result, we offer increased security for your web programs as we can shield them from attacks before security firms release updates for brand new threats.
ModSecurity in VPS Servers
Protection is of the utmost importance to us, so we install ModSecurity on all VPS servers that are provided with the Hepsia Control Panel by default. The firewall can be managed via a dedicated section in Hepsia and is switched on automatically when you add a new domain or generate a subdomain, so you will not need to do anything by hand. You'll also be able to disable it or turn on the so-called detection mode, so it shall keep a log of possible attacks you can later analyze, but shall not prevent them. The logs in both passive and active modes include details about the form of the attack and how it was stopped, what IP address it came from and other important information which could help you to tighten the security of your websites by updating them or blocking IPs, as an example. In addition to the commercial rules which we get for ModSecurity from a third-party security enterprise, we also use our own rules because every now and then we detect specific attacks which aren't yet present inside the commercial package. This way, we can easily boost the security of your Virtual private server in a timely manner as opposed to awaiting a certified update.
ModSecurity in Dedicated Servers
ModSecurity is provided by default with all dedicated servers which are set up with the Hepsia CP and is set to “Active” automatically for any domain which you host or subdomain you create on the hosting server. In case that a web app doesn't operate correctly, you could either disable the firewall or set it to work in passive mode. The second means that ModSecurity will maintain a log of any potential attack which may take place, but will not take any action to stop it. The logs created in active or passive mode will offer you more details about the exact file which was attacked, the form of the attack and the IP it originated from, and so forth. This data will permit you to choose what measures you can take to increase the safety of your websites, for instance blocking IPs or carrying out script and plugin updates. The ModSecurity rules that we employ are updated constantly with a commercial pack from a third-party security provider we work with, but sometimes our staff include their own rules too in the event that they come across a new potential threat.