ModSecurity is a plugin for Apache web servers which acts as a web application layer firewall. It is used to stop attacks towards script-driven Internet sites through the use of security rules that contain certain expressions. That way, the firewall can block hacking and spamming attempts and preserve even websites that are not updated often. For instance, a number of failed login attempts to a script admin area or attempts to execute a particular file with the purpose to get access to the script shall trigger certain rules, so ModSecurity will block these activities the second it identifies them. The firewall is extremely efficient as it tracks the whole HTTP traffic to a site in real time without slowing it down, so it can easily stop an attack before any damage is done. It furthermore keeps an incredibly comprehensive log of all attack attempts that includes more information than conventional Apache logs, so you can later analyze the data and take further measures to increase the security of your sites if necessary.
ModSecurity in Cloud Hosting
ModSecurity is supplied with all cloud hosting
machines, so when you decide to host your sites with our company, they shall be shielded from a wide array of attacks. The firewall is enabled by default for all domains and subdomains, so there will be nothing you'll need to do on your end. You'll be able to stop ModSecurity for any website if required, or to switch on a detection mode, so that all activity will be recorded, but the firewall won't take any real action. You shall be able to view comprehensive logs from your Hepsia CP including the IP address where the attack originated from, what the attacker wished to do and how ModSecurity handled the threat. As we take the protection of our customers' sites very seriously, we employ a selection of commercial rules that we get from one of the leading companies which maintain this type of rules. Our admins also add custom rules to ensure that your Internet sites will be shielded from as many threats as possible.
ModSecurity in Semi-dedicated Servers
ModSecurity is a part of our semi-dedicated server
packages and if you decide to host your Internet sites with our company, there shall not be anything special you will have to do as the firewall is activated by default for all domains and subdomains that you include using your hosting CP. If required, you can disable ModSecurity for a particular site or turn on the so-called detection mode in which case the firewall shall still work and record information, but will not do anything to prevent potential attacks on your sites. Thorough logs shall be available within your CP and you'll be able to see what type of attacks happened, what security rules were triggered and how the firewall dealt with the threats, what Internet protocol addresses the attacks came from, etcetera. We use 2 types of rules on our servers - commercial ones from a company which operates in the field of web security, and customized ones that our administrators sometimes add to respond to newly found risks on time.
ModSecurity in VPS Servers
All VPS servers
which are provided with the Hepsia Control Panel come with ModSecurity. The firewall is installed and switched on by default for all domains that are hosted on the machine, so there shall not be anything special that you'll have to do to protect your sites. It'll take you simply a click to stop ModSecurity if needed or to switch on its passive mode so that it records what goes on without taking any steps to stop intrusions. You'll be able to view the logs created in passive or active mode through the corresponding section of Hepsia and discover more about the type of the attack, where it originated from, what rule the firewall used to deal with it, and so forth. We employ a mix of commercial and custom rules so as to ensure that ModSecurity shall block as many risks as possible, thus improving the protection of your web programs as much as possible.
ModSecurity in Dedicated Servers
ModSecurity is available by default with all dedicated servers
that are set up with the Hepsia Control Panel and is set to “Active” automatically for any domain that you host or subdomain you create on the web server. In the event that a web app does not function correctly, you can either turn off the firewall or set it to operate in passive mode. The second means that ModSecurity shall maintain a log of any possible attack which could take place, but will not take any action to prevent it. The logs produced in active or passive mode will give you additional details about the exact file that was attacked, the type of the attack and the IP address it came from, and so on. This data shall permit you to decide what measures you can take to increase the protection of your websites, such as blocking IPs or carrying out script and plugin updates. The ModSecurity rules which we use are updated frequently with a commercial bundle from a third-party security firm we work with, but sometimes our administrators add their own rules also in the event that they find a new potential threat.