ModSecurity is a powerful firewall for Apache web servers which is employed to prevent attacks towards web apps. It tracks the HTTP traffic to a certain Internet site in real time and blocks any intrusion attempts the moment it identifies them. The firewall uses a set of rules to accomplish that - as an example, trying to log in to a script administrator area without success several times sets off one rule, sending a request to execute a certain file which may result in getting access to the Internet site triggers another rule, and so forth. ModSecurity is one of the best firewalls out there and it'll protect even scripts that are not updated regularly since it can prevent attackers from using known exploits and security holes. Incredibly thorough information about every intrusion attempt is recorded and the logs the firewall maintains are much more detailed than the conventional logs created by the Apache server, so you can later examine them and determine if you need to take additional measures in order to enhance the safety of your script-driven websites.
ModSecurity in Shared Hosting
We offer ModSecurity with all shared hosting plans, so your web applications shall be resistant to harmful attacks. The firewall is turned on by default for all domains and subdomains, but in case you would like, you will be able to stop it using the respective area of your Hepsia Control Panel. You can also activate a detection mode, so ModSecurity shall keep a log as intended, but won't take any action. The logs that you'll find in Hepsia are incredibly detailed and feature information about the nature of any attack, when it took place and from what IP, the firewall rule which was triggered, etc. We use a range of commercial rules which are regularly updated, but sometimes our admins add custom rules as well so as to efficiently protect the websites hosted on our servers.
ModSecurity in Semi-dedicated Hosting
We have incorporated ModSecurity as a standard in all semi-dedicated hosting plans, so your web apps shall be protected as soon as you install them under any domain or subdomain. The Hepsia CP which is included with the semi-dedicated accounts shall permit you to enable or turn off the firewall for any site with a mouse click. You'll also be able to activate a passive detection mode through which ModSecurity will maintain a log of possible attacks without really preventing them. The thorough logs contain the nature of the attack and what ModSecurity response this attack activated, where it came from, and so on. The list of rules which we employ is regularly updated in order to match any new threats which may appear on the Internet and it consists of both commercial rules that we get from a security company and custom-written ones which our admins include in case they discover a threat that is not present inside the commercial list yet.
ModSecurity in Dedicated Servers Hosting
ModSecurity is offered by default with all dedicated servers that are set up with the Hepsia CP and is set to “Active” automatically for any domain which you host or subdomain you create on the web server. In case that a web application doesn't operate correctly, you can either turn off the firewall or set it to operate in passive mode. The latter means that ModSecurity shall maintain a log of any possible attack which might occur, but won't take any action to prevent it. The logs produced in active or passive mode shall provide you with additional details about the exact file which was attacked, the type of the attack and the IP it originated from, and so on. This information will enable you to determine what actions you can take to boost the protection of your websites, for instance blocking IPs or carrying out script and plugin updates. The ModSecurity rules which we use are updated frequently with a commercial pack from a third-party security firm we work with, but sometimes our admins include their own rules as well in case they come across a new potential threat.