ModSecurity is a highly effective web application layer firewall for Apache web servers. It monitors the entire HTTP traffic to a site without affecting its functionality and if it detects an intrusion attempt, it blocks it. The firewall also keeps a more comprehensive log for the traffic than any web server does, so you'll be able to keep track of what is happening with your Internet sites a lot better than if you rely simply on standard logs. ModSecurity works with security rules based on which it helps prevent attacks. For example, it detects if anyone is attempting to log in to the administrator area of a specific script a number of times or if a request is sent to execute a file with a certain command. In such cases these attempts trigger the corresponding rules and the firewall program blocks the attempts instantly, then records comprehensive details about them in its logs. ModSecurity is one of the best software firewalls out there and it can protect your web apps against a huge number of threats and vulnerabilities, especially in case you don’t update them or their plugins regularly.
ModSecurity in Shared Web Hosting
ModSecurity is offered with each shared web hosting solution which we provide and it's switched on by default for any domain or subdomain which you include via your Hepsia Control Panel. If it disrupts any of your applications or you'd like to disable it for some reason, you will be able to accomplish that through the ModSecurity area of Hepsia with only a mouse click. You can also enable a passive mode, so the firewall will recognize possible attacks and maintain a log, but won't take any action. You can see extensive logs in the same section, including the IP address where the attack originated from, exactly what the attacker attempted to do and at what time, what ModSecurity did, and so on. For maximum safety of our customers we use a group of commercial firewall rules blended with custom ones which are included by our system admins.
ModSecurity in Semi-dedicated Servers
ModSecurity is a part of our semi-dedicated server plans and if you choose to host your Internet sites with our company, there won't be anything special you'll need to do as the firewall is activated by default for all domains and subdomains which you add using your hosting Control Panel. If necessary, you could disable ModSecurity for a particular website or enable the so-called detection mode in which case the firewall will still work and record info, but will not do anything to prevent potential attacks against your sites. Comprehensive logs shall be readily available within your CP and you shall be able to see what type of attacks took place, what security rules were triggered and how the firewall addressed the threats, what Internet protocol addresses the attacks originated from, etcetera. We use two types of rules on our servers - commercial ones from a company that operates in the field of web security, and customized ones that our admins occasionally include to respond to newly found threats promptly.
ModSecurity in VPS Servers
Security is vital to us, so we install ModSecurity on all VPS servers which are provided with the Hepsia CP by default. The firewall can be managed through a dedicated section inside Hepsia and is switched on automatically when you include a new domain or generate a subdomain, so you will not have to do anything manually. You will also be able to disable it or activate the so-called detection mode, so it'll keep a log of possible attacks you can later examine, but won't block them. The logs in both passive and active modes include information regarding the type of the attack and how it was prevented, what IP it originated from and other important info which might help you to tighten the security of your sites by updating them or blocking IPs, as an example. Besides the commercial rules which we get for ModSecurity from a third-party security firm, we also use our own rules because every now and then we discover specific attacks which are not yet present within the commercial package. This way, we can easily increase the security of your VPS promptly as opposed to waiting for a certified update.
ModSecurity in Dedicated Servers
ModSecurity is offered by default with all dedicated servers which are set up with the Hepsia Control Panel and is set to “Active” automatically for any domain which you host or subdomain which you create on the server. In case that a web app does not work properly, you could either disable the firewall or set it to function in passive mode. The latter means that ModSecurity shall keep a log of any possible attack which could occur, but shall not take any action to prevent it. The logs generated in passive or active mode will provide you with more details about the exact file that was attacked, the nature of the attack and the IP address it originated from, etcetera. This data shall allow you to decide what actions you can take to enhance the security of your Internet sites, including blocking IPs or carrying out script and plugin updates. The ModSecurity rules that we employ are updated frequently with a commercial bundle from a third-party security enterprise we work with, but sometimes our staff add their own rules as well if they find a new potential threat.