ModSecurity is a potent web app layer firewall for Apache web servers. It monitors the whole HTTP traffic to a site without affecting its performance and when it detects an intrusion attempt, it prevents it. The firewall also maintains a more detailed log for the traffic than any server does, so you'll be able to keep track of what is happening with your websites a lot better than if you rely simply on standard logs. ModSecurity employs security rules based on which it prevents attacks. For example, it detects whether someone is attempting to log in to the admin area of a given script multiple times or if a request is sent to execute a file with a certain command. In these cases these attempts trigger the corresponding rules and the firewall program blocks the attempts instantly, after that records in-depth info about them in its logs. ModSecurity is among the most effective software firewalls out there and it can protect your web apps against thousands of threats and vulnerabilities, especially in case you don’t update them or their plugins often.
ModSecurity in Shared Web Hosting
ModSecurity is available with every shared web hosting package that we provide and it is activated by default for every domain or subdomain which you add through your Hepsia Control Panel. In the event that it interferes with any of your programs or you would like to disable it for some reason, you will be able to achieve that through the ModSecurity section of Hepsia with only a click. You could also activate a passive mode, so the firewall will discover potential attacks and keep a log, but won't take any action. You can see detailed logs in the very same section, including the IP where the attack came from, what exactly the attacker attempted to do and at what time, what ModSecurity did, etc. For optimum security of our customers we use a set of commercial firewall rules mixed with custom ones that are provided by our system administrators.
ModSecurity in Semi-dedicated Servers
ModSecurity is a part of our semi-dedicated server packages and if you decide to host your sites with our company, there will not be anything special you'll need to do since the firewall is switched on by default for all domains and subdomains you include via your hosting Control Panel. If necessary, you can disable ModSecurity for a particular website or enable the so-called detection mode in which case the firewall shall still operate and record information, but will not do anything to prevent possible attacks on your sites. Detailed logs will be accessible inside your CP and you'll be able to see what type of attacks took place, what security rules were triggered and how the firewall handled the threats, what Internet protocol addresses the attacks originated from, etcetera. We use 2 sorts of rules on our servers - commercial ones from a business which operates in the field of web security, and customized ones that our admins often include to respond to newly identified threats on time.
ModSecurity in VPS Servers
ModSecurity is pre-installed on all VPS servers which are provided with the Hepsia hosting Control Panel, so your web programs will be protected from the second your server is in a position. The firewall is turned on by default for any domain or subdomain on the Virtual Private Server, but if needed, you'll be able to deactivate it with a click of your mouse through the corresponding section of Hepsia. You can also set it to function in detection mode, so it'll maintain an extensive log of any possible attacks without taking any action to prevent them. The logs can be found within the exact same section and provide information about the nature of the attack, what IP it came from and what ModSecurity rule was initiated to stop it. For best security, we use not only commercial rules from a company operating in the field of web security, but also custom ones that our admins include personally so as to react to new threats that are still not tackled in the commercial rules.
ModSecurity in Dedicated Servers
ModSecurity is included with all dedicated servers that are integrated with our Hepsia CP and you won't need to do anything specific on your end to employ it since it's turned on by default each time you include a new domain or subdomain on your server. If it interferes with any of your applications, you'll be able to stop it via the respective part of Hepsia, or you may leave it operating in passive mode, so it will identify attacks and shall still maintain a log for them, but will not stop them. You could look at the logs later to find out what you can do to improve the protection of your sites as you will find information such as where an intrusion attempt came from, what Internet site was attacked and based on what rule ModSecurity reacted, and so forth. The rules which we use are commercial, hence they are frequently updated by a security company, but to be on the safe side, our staff also add custom rules occasionally as to react to any new threats they have found.