ModSecurity is an efficient firewall for Apache web servers which is employed to prevent attacks toward web applications. It monitors the HTTP traffic to a given website in real time and prevents any intrusion attempts the moment it detects them. The firewall uses a set of rules to do this - for example, trying to log in to a script administrator area unsuccessfully a few times sets off one rule, sending a request to execute a certain file that may result in accessing the site triggers another rule, and so on. ModSecurity is one of the best firewalls available and it will preserve even scripts that aren't updated often because it can prevent attackers from employing known exploits and security holes. Incredibly comprehensive data about each intrusion attempt is recorded and the logs the firewall maintains are considerably more comprehensive than the conventional logs created by the Apache server, so you may later take a look at them and decide if you need to take additional measures so as to enhance the safety of your script-driven websites.
ModSecurity in Website Hosting
We provide ModSecurity with all website hosting solutions, so your web apps shall be resistant to destructive attacks. The firewall is switched on by default for all domains and subdomains, but if you'd like, you'll be able to stop it via the respective area of your Hepsia CP. You could also switch on a detection mode, so ModSecurity shall keep a log as intended, but won't take any action. The logs that you'll find within Hepsia are very detailed and include data about the nature of any attack, when it happened and from what IP, the firewall rule which was triggered, etc. We employ a range of commercial rules that are frequently updated, but sometimes our administrators include custom rules as well so as to better protect the Internet sites hosted on our servers.
ModSecurity in Semi-dedicated Servers
ModSecurity is part of our semi-dedicated server plans and if you opt to host your sites with our company, there won't be anything special you'll need to do as the firewall is activated by default for all domains and subdomains that you add using your hosting Control Panel. If needed, you can disable ModSecurity for a particular website or enable the so-called detection mode in which case the firewall will still function and record info, but shall not do anything to stop possible attacks on your websites. Thorough logs will be accessible within your Control Panel and you will be able to see what type of attacks occurred, what security rules were triggered and how the firewall dealt with the threats, what IP addresses the attacks originated from, etcetera. We use 2 kinds of rules on our servers - commercial ones from a firm that operates in the field of web security, and custom made ones which our administrators sometimes add to respond to newly identified risks in a timely manner.
ModSecurity in VPS Servers
All VPS servers that are provided with the Hepsia Control Panel feature ModSecurity. The firewall is set up and switched on by default for all domains that are hosted on the machine, so there shall not be anything special which you'll need to do to protect your Internet sites. It'll take you only a click to stop ModSecurity if needed or to turn on its passive mode so that it records what goes on without taking any actions to prevent intrusions. You will be able to see the logs created in passive or active mode through the corresponding section of Hepsia and learn more about the type of the attack, where it came from, what rule the firewall used to tackle it, and so on. We employ a combination of commercial and custom rules so as to make sure that ModSecurity shall stop as many risks as possible, thus increasing the protection of your web applications as much as possible.
ModSecurity in Dedicated Servers
ModSecurity is offered as standard with all dedicated servers which are set up with the Hepsia CP and is set to “Active” automatically for any domain which you host or subdomain which you create on the server. Just in case that a web application does not work correctly, you may either disable the firewall or set it to work in passive mode. The second means that ModSecurity will keep a log of any potential attack that could take place, but will not take any action to stop it. The logs created in passive or active mode shall provide you with additional details about the exact file that was attacked, the nature of the attack and the IP it originated from, and so forth. This information shall allow you to choose what steps you can take to enhance the protection of your websites, for instance blocking IPs or performing script and plugin updates. The ModSecurity rules we use are updated frequently with a commercial package from a third-party security enterprise we work with, but occasionally our administrators add their own rules as well if they come across a new potential threat.