ModSecurity is a plugin for Apache web servers which acts as a web app layer firewall. It's employed to stop attacks towards script-driven websites by using security rules that contain certain expressions. That way, the firewall can prevent hacking and spamming attempts and protect even websites that aren't updated frequently. As an example, multiple failed login attempts to a script administrative area or attempts to execute a certain file with the intention to get access to the script will trigger certain rules, so ModSecurity shall block out these activities the moment it identifies them. The firewall is quite efficient as it screens the whole HTTP traffic to a site in real time without slowing it down, so it could stop an attack before any harm is done. It also keeps an exceptionally detailed log of all attack attempts which features more information than conventional Apache logs, so you can later check out the data and take further measures to boost the security of your websites if needed.
ModSecurity in Cloud Website Hosting
ModSecurity is offered with every single cloud website hosting plan that we provide and it is switched on by default for every domain or subdomain which you add via your Hepsia CP. In case it disrupts any of your applications or you'd like to disable it for any reason, you will be able to do this through the ModSecurity section of Hepsia with simply a click. You could also activate a passive mode, so the firewall will recognize possible attacks and keep a log, but shall not take any action. You could see comprehensive logs in the same section, including the IP where the attack came from, what exactly the attacker aimed to do and at what time, what ModSecurity did, etc. For optimum safety of our clients we use a group of commercial firewall rules combined with custom ones that are provided by our system admins.
ModSecurity in Semi-dedicated Servers
Any web application which you set up in your new semi-dedicated server account shall be protected by ModSecurity since the firewall is included with all our hosting plans and is turned on by default for any domain and subdomain which you add or create through your Hepsia hosting CP. You will be able to manage ModSecurity through a dedicated section in Hepsia where not only can you activate or deactivate it completely, but you could also activate a passive mode, so the firewall shall not stop anything, but it shall still keep a record of potential attacks. This normally requires just a mouse click and you will be able to look at the logs regardless if ModSecurity is in passive or active mode through the same section - what the attack was and where it originated from, how it was handled, and so on. The firewall employs 2 groups of rules on our servers - a commercial one which we get from a third-party web security company and a custom one that our admins update manually as to respond to recently discovered threats as soon as possible.
ModSecurity in VPS Servers
ModSecurity is pre-installed on all VPS servers that are offered with the Hepsia hosting Control Panel, so your web programs shall be secured from the second your server is ready. The firewall is activated by default for any domain or subdomain on the Virtual Private Server, but if needed, you could disable it with a click of your mouse via the corresponding section of Hepsia. You can also set it to work in detection mode, so it will maintain an extensive log of any potential attacks without taking any action to prevent them. The logs can be found within the very same section and provide details about the nature of the attack, what IP it originated from and what ModSecurity rule was activated to stop it. For maximum security, we use not only commercial rules from a firm operating in the field of web security, but also custom ones that our administrators include personally in order to respond to new threats that are still not dealt with in the commercial rules.
ModSecurity in Dedicated Servers
ModSecurity comes with all dedicated servers which are set up with our Hepsia CP and you won't need to do anything specific on your end to use it because it is enabled by default every time you add a new domain or subdomain on your web server. If it interferes with some of your applications, you will be able to stop it via the respective part of Hepsia, or you could leave it operating in passive mode, so it shall identify attacks and will still maintain a log for them, but shall not stop them. You could analyze the logs later to determine what you can do to boost the protection of your sites since you shall find details such as where an intrusion attempt originated from, what Internet site was attacked and in accordance with what rule ModSecurity responded, and so forth. The rules we employ are commercial, therefore they are frequently updated by a security provider, but to be on the safe side, our administrators also add custom rules every now and then as to respond to any new threats they have found.