ModSecurity is a powerful web application layer firewall for Apache web servers. It monitors the entire HTTP traffic to a website without affecting its operation and when it detects an intrusion attempt, it prevents it. The firewall additionally maintains a more thorough log for the traffic than any server does, so you will manage to keep an eye on what is happening with your Internet sites much better than if you rely only on conventional logs. ModSecurity employs security rules based on which it stops attacks. For example, it recognizes whether someone is attempting to log in to the administrator area of a certain script several times or if a request is sent to execute a file with a certain command. In such instances these attempts set off the corresponding rules and the firewall software hinders the attempts instantly, then records detailed information about them in its logs. ModSecurity is one of the best software firewalls out there and it could easily protect your web apps against a large number of threats and vulnerabilities, especially if you don’t update them or their plugins often.
ModSecurity in Shared Web Hosting
ModSecurity comes by default with all shared web hosting
plans which we offer and it shall be activated automatically for any domain or subdomain which you add/create inside your Hepsia hosting CP. The firewall has 3 different modes, so you could switch on and deactivate it with simply a mouse click or set it to detection mode, so it will maintain a log of all attacks, but it shall not do anything to prevent them. The log for any of your Internet sites will feature in-depth info including the nature of the attack, where it originated from, what action was taken by ModSecurity, etc. The firewall rules we use are regularly updated and incorporate both commercial ones that we get from a third-party security company and custom ones that our system admins add in the event that they detect a new type of attacks. This way, the Internet sites which you host here shall be far more protected without any action expected on your end.
ModSecurity in Semi-dedicated Servers
We've incorporated ModSecurity by default within all semi-dedicated server
products, so your web applications will be protected whenever you set them up under any domain or subdomain. The Hepsia CP that comes with the semi-dedicated accounts will permit you to activate or disable the firewall for any website with a mouse click. You shall also be able to turn on a passive detection mode through which ModSecurity will maintain a log of possible attacks without actually preventing them. The detailed logs contain the nature of the attack and what ModSecurity response this attack triggered, where it originated from, and so on. The list of rules that we employ is frequently updated as to match any new threats that might appear on the Internet and it includes both commercial rules that we get from a security company and custom-written ones which our administrators add in case they discover a threat that is not present in the commercial list yet.
ModSecurity in VPS Servers
All VPS servers
that are provided with the Hepsia Control Panel come with ModSecurity. The firewall is installed and turned on by default for all domains that are hosted on the machine, so there won't be anything special which you'll need to do to protect your sites. It'll take you simply a mouse click to stop ModSecurity if necessary or to activate its passive mode so that it records what goes on without taking any steps to stop intrusions. You will be able to see the logs created in passive or active mode from the corresponding section of Hepsia and discover more about the type of the attack, where it originated from, what rule the firewall employed to tackle it, and so on. We use a mixture of commercial and custom rules in order to make certain that ModSecurity shall block out as many risks as possible, consequently boosting the protection of your web applications as much as possible.
ModSecurity in Dedicated Servers
ModSecurity is provided with all dedicated servers
which are set up with our Hepsia Control Panel and you'll not have to do anything specific on your end to use it since it is enabled by default whenever you add a new domain or subdomain on your web server. If it disrupts any of your applications, you will be able to stop it via the respective part of Hepsia, or you may leave it working in passive mode, so it shall identify attacks and will still keep a log for them, but won't block them. You may analyze the logs later to learn what you can do to improve the protection of your Internet sites as you'll find info such as where an intrusion attempt originated from, what Internet site was attacked and based on what rule ModSecurity responded, etc. The rules that we use are commercial, therefore they're constantly updated by a security firm, but to be on the safe side, our administrators also add custom rules from time to time as to react to any new threats they have discovered.