ModSecurity is a plugin for Apache web servers that acts as a web app layer firewall. It's employed to prevent attacks against script-driven websites by using security rules which contain particular expressions. This way, the firewall can prevent hacking and spamming attempts and shield even websites that aren't updated on a regular basis. As an example, a number of failed login attempts to a script administrative area or attempts to execute a certain file with the purpose to get access to the script will trigger particular rules, so ModSecurity shall block out these activities the second it identifies them. The firewall is quite efficient as it tracks the whole HTTP traffic to a site in real time without slowing it down, so it will be able to prevent an attack before any damage is done. It also keeps an exceptionally detailed log of all attack attempts that features more information than typical Apache logs, so you could later examine the data and take additional measures to boost the security of your Internet sites if needed.
ModSecurity in Cloud Web Hosting
ModSecurity can be found with every cloud web hosting
solution that we offer and it is switched on by default for any domain or subdomain which you include through your Hepsia CP. In the event that it disrupts any of your applications or you'd like to disable it for any reason, you shall be able to do this through the ModSecurity area of Hepsia with only a mouse click. You can also activate a passive mode, so the firewall will detect possible attacks and keep a log, but will not take any action. You could see detailed logs in the very same section, including the IP where the attack originated from, what exactly the attacker aimed to do and at what time, what ModSecurity did, and so on. For maximum safety of our customers we use a set of commercial firewall rules blended with custom ones which are included by our system administrators.
ModSecurity in Semi-dedicated Servers
We have incorporated ModSecurity by default in all semi-dedicated server
products, so your web apps will be protected whenever you install them under any domain or subdomain. The Hepsia Control Panel which comes with the semi-dedicated accounts shall permit you to activate or disable the firewall for any site with a click. You shall also have the ability to activate a passive detection mode with which ModSecurity shall maintain a log of possible attacks without actually stopping them. The thorough logs contain the nature of the attack and what ModSecurity response that attack initiated, where it came from, and so on. The list of rules which we use is constantly updated in order to match any new risks which may appear on the Internet and it comes with both commercial rules that we get from a security firm and custom-written ones which our administrators include in case they discover a threat which is not present in the commercial list yet.
ModSecurity in VPS Servers
ModSecurity is included with all Hepsia-based VPS servers
which we offer and it will be turned on automatically for any new domain or subdomain that you add on the hosting server. That way, any web app that you install shall be protected right away without doing anything manually on your end. The firewall may be managed via the section of the CP which bears the same name. This is the location in whichyou'll be able to turn off ModSecurity or enable its passive mode, so it won't take any action against threats, but shall still keep a thorough log. The recorded data is available in the same area as well and you'll be able to see what IPs any attacks came from so that you block them, what the nature of the attempted attacks was and in accordance with what security rules ModSecurity reacted. The rules that we use on our servers are a mix between commercial ones we get from a security organization and custom ones that are added by our staff to optimize the security of any web apps hosted on our end.
ModSecurity in Dedicated Servers
ModSecurity is available by default with all dedicated servers
which are set up with the Hepsia Control Panel and is set to “Active” automatically for any domain that you host or subdomain which you create on the web server. Just in case that a web application does not function adequately, you can either disable the firewall or set it to function in passive mode. The latter means that ModSecurity will keep a log of any potential attack which may happen, but will not take any action to stop it. The logs generated in active or passive mode shall offer you additional details about the exact file which was attacked, the type of the attack and the IP it came from, and so on. This info shall allow you to determine what actions you can take to increase the protection of your Internet sites, including blocking IPs or carrying out script and plugin updates. The ModSecurity rules that we employ are updated constantly with a commercial bundle from a third-party security company we work with, but from time to time our admins add their own rules too in the event that they discover a new potential threat.