ModSecurity is a plugin for Apache web servers which functions as a web app layer firewall. It is employed to stop attacks against script-driven Internet sites by using security rules which contain particular expressions. That way, the firewall can stop hacking and spamming attempts and shield even sites which are not updated often. For example, a number of failed login attempts to a script administrative area or attempts to execute a certain file with the intention to get access to the script will trigger certain rules, so ModSecurity will block these activities the instant it discovers them. The firewall is extremely efficient because it screens the entire HTTP traffic to a website in real time without slowing it down, so it can stop an attack before any harm is done. It also maintains a very thorough log of all attack attempts which features more info than traditional Apache logs, so you could later check out the data and take additional measures to improve the security of your sites if needed.
ModSecurity in Cloud Web Hosting
ModSecurity can be found with each and every cloud web hosting
solution that we offer and it is turned on by default for every domain or subdomain that you add via your Hepsia CP. In the event that it disrupts any of your programs or you would like to disable it for some reason, you shall be able to do that through the ModSecurity section of Hepsia with simply a click. You can also use a passive mode, so the firewall will discover potential attacks and keep a log, but shall not take any action. You could see extensive logs in the same section, including the IP address where the attack originated from, what exactly the attacker attempted to do and at what time, what ModSecurity did, and so on. For maximum safety of our customers we use a collection of commercial firewall rules combined with custom ones which are included by our system admins.
ModSecurity in Semi-dedicated Servers
Any web program which you install inside your new semi-dedicated server
account shall be protected by ModSecurity since the firewall is included with all our hosting packages and is activated by default for any domain and subdomain that you add or create using your Hepsia hosting CP. You'll be able to manage ModSecurity through a dedicated area in Hepsia where not only could you activate or deactivate it fully, but you could also switch on a passive mode, so the firewall shall not stop anything, but it will still keep a record of potential attacks. This requires simply a click and you shall be able to see the logs regardless if ModSecurity is in active or passive mode through the same section - what the attack was and where it originated from, how it was dealt with, etcetera. The firewall uses two groups of rules on our web servers - a commercial one that we get from a third-party web security company and a custom one which our admins update personally in order to respond to newly discovered threats immediately.
ModSecurity in VPS Servers
All VPS servers
that are offered with the Hepsia CP come with ModSecurity. The firewall is installed and turned on by default for all domains which are hosted on the web server, so there won't be anything special which you'll need to do to protect your sites. It'll take you simply a click to stop ModSecurity if required or to turn on its passive mode so that it records what happens without taking any measures to prevent intrusions. You'll be able to see the logs generated in passive or active mode through the corresponding section of Hepsia and find out more about the form of the attack, where it came from, what rule the firewall used to handle it, and so on. We use a combination of commercial and custom rules so as to ensure that ModSecurity will prevent as many threats as possible, consequently increasing the protection of your web applications as much as possible.
ModSecurity in Dedicated Servers
ModSecurity is offered by default with all dedicated servers
which are set up with the Hepsia CP and is set to “Active” automatically for any domain that you host or subdomain which you create on the web server. In the event that a web application doesn't operate correctly, you may either turn off the firewall or set it to operate in passive mode. The second means that ModSecurity shall maintain a log of any potential attack which may occur, but will not take any action to stop it. The logs produced in passive or active mode shall present you with additional details about the exact file which was attacked, the nature of the attack and the IP it came from, etcetera. This info will permit you to choose what steps you can take to increase the safety of your websites, including blocking IPs or carrying out script and plugin updates. The ModSecurity rules we use are updated frequently with a commercial package from a third-party security firm we work with, but oftentimes our administrators add their own rules as well in case they come across a new potential threat.