ModSecurity is an efficient firewall for Apache web servers that's employed to stop attacks against web applications. It keeps track of the HTTP traffic to a particular site in real time and prevents any intrusion attempts the moment it discovers them. The firewall uses a set of rules to do that - as an illustration, trying to log in to a script administration area unsuccessfully a few times triggers one rule, sending a request to execute a particular file that may result in gaining access to the website triggers another rule, etc. ModSecurity is amongst the best firewalls on the market and it'll preserve even scripts which are not updated regularly since it can prevent attackers from using known exploits and security holes. Quite thorough data about every single intrusion attempt is recorded and the logs the firewall maintains are considerably more comprehensive than the standard logs provided by the Apache server, so you could later analyze them and determine if you need to take additional measures in order to boost the safety of your script-driven sites.
ModSecurity in Web Hosting
ModSecurity comes by default with all web hosting plans that we offer and it'll be turned on automatically for any domain or subdomain you add/create in your Hepsia hosting CP. The firewall has 3 different modes, so you could switch on and deactivate it with a click or set it to detection mode, so it shall keep a log of all attacks, but it'll not do anything to prevent them. The log for each of your sites will feature comprehensive info such as the nature of the attack, where it came from, what action was taken by ModSecurity, and so on. The firewall rules that we use are regularly updated and consist of both commercial ones which we get from a third-party security company and custom ones which our system administrators include in case that they detect a new sort of attacks. This way, the sites you host here will be a lot more protected without any action expected on your end.
ModSecurity in Semi-dedicated Servers
All semi-dedicated server plans which we offer feature ModSecurity and given that the firewall is turned on by default, any site you create under a domain or a subdomain will be protected immediately. A separate section within the Hepsia CP which comes with the semi-dedicated accounts is devoted to ModSecurity and it'll allow you to start and stop the firewall for any Internet site or enable a detection mode. With the last option, ModSecurity shall not take any action, but it shall still detect possible attacks and will keep all info inside a log as if it were fully active. The logs can be found within the same section of the Control Panel and they offer details about the IP where an attack originated from, what its nature was, what rule ModSecurity applies to identify and stop it, etcetera. The security rules we employ on our machines are a mix between commercial ones from a security company and custom ones created by our system administrators. Consequently, we provide increased security for your web programs as we can protect them from attacks before security businesses release updates for brand new threats.
ModSecurity in VPS Servers
All VPS servers which are provided with the Hepsia CP come with ModSecurity. The firewall is set up and turned on by default for all domains that are hosted on the machine, so there won't be anything special which you'll need to do to protect your websites. It'll take you a mouse click to stop ModSecurity if necessary or to activate its passive mode so that it records what happens without taking any steps to stop intrusions. You shall be able to see the logs generated in passive or active mode from the corresponding section of Hepsia and discover more about the form of the attack, where it originated from, what rule the firewall used to deal with it, and so on. We use a mixture of commercial and custom rules so as to ensure that ModSecurity will stop as many threats as possible, thus improving the protection of your web applications as much as possible.
ModSecurity in Dedicated Servers
ModSecurity is provided by default with all dedicated servers which are set up with the Hepsia CP and is set to “Active” automatically for any domain that you host or subdomain you create on the server. In case that a web application doesn't function adequately, you could either switch off the firewall or set it to operate in passive mode. The second means that ModSecurity shall maintain a log of any possible attack which might happen, but won't take any action to stop it. The logs produced in passive or active mode shall provide you with additional details about the exact file which was attacked, the form of the attack and the IP address it originated from, etc. This data will allow you to decide what actions you can take to increase the safety of your Internet sites, for instance blocking IPs or performing script and plugin updates. The ModSecurity rules which we use are updated often with a commercial package from a third-party security enterprise we work with, but occasionally our staff include their own rules as well if they come across a new potential threat.