Find out what ModSecurity is, how it works and what exactly it does to protect your web sites and applications.
ModSecurity is an effective firewall for Apache web servers that is used to prevent attacks towards web apps. It tracks the HTTP traffic to a certain Internet site in real time and blocks any intrusion attempts as soon as it discovers them. The firewall relies on a set of rules to do that - as an example, trying to log in to a script administrator area without success several times triggers one rule, sending a request to execute a specific file that could result in gaining access to the site triggers another rule, and so on. ModSecurity is amongst the best firewalls available on the market and it'll secure even scripts that aren't updated on a regular basis as it can prevent attackers from using known exploits and security holes. Very thorough data about every intrusion attempt is recorded and the logs the firewall maintains are a lot more comprehensive than the conventional logs provided by the Apache server, so you may later examine them and decide if you need to take more measures in order to enhance the safety of your script-driven websites.
ModSecurity in Website Hosting
ModSecurity is provided with all website hosting
web servers, so when you choose to host your sites with our business, they shall be protected against a wide array of attacks. The firewall is enabled as standard for all domains and subdomains, so there'll be nothing you shall need to do on your end. You shall be able to stop ModSecurity for any site if needed, or to enable a detection mode, so that all activity shall be recorded, but the firewall shall not take any real action. You'll be able to view specific logs via your Hepsia Control Panel including the IP where the attack originated from, what the attacker wanted to do and how ModSecurity dealt with the threat. Since we take the security of our clients' websites very seriously, we use a set of commercial rules that we get from one of the leading firms that maintain this sort of rules. Our admins also add custom rules to ensure that your Internet sites shall be shielded from as many threats as possible.
ModSecurity in Semi-dedicated Servers
Any web app you set up within your new semi-dedicated server
account shall be protected by ModSecurity because the firewall is provided with all our hosting solutions and is turned on by default for any domain and subdomain that you include or create through your Hepsia hosting CP. You will be able to manage ModSecurity via a dedicated area within Hepsia where not only can you activate or deactivate it entirely, but you could also switch on a passive mode, so the firewall will not block anything, but it shall still maintain a record of potential attacks. This requires simply a mouse click and you will be able to view the logs no matter if ModSecurity is in active or passive mode through the same section - what the attack was and where it originated from, how it was handled, and so forth. The firewall uses 2 sets of rules on our web servers - a commercial one that we get from a third-party web security provider and a custom one that our admins update personally as to respond to newly discovered risks as quickly as possible.
ModSecurity in VPS Servers
ModSecurity is pre-installed on all VPS servers
which are provided with the Hepsia hosting CP, so your web programs shall be secured from the moment your server is in a position. The firewall is turned on by default for any domain or subdomain on the Virtual Private Server, but if needed, you'll be able to disable it with a mouse click through the corresponding section of Hepsia. You could also set it to function in detection mode, so it'll maintain a detailed log of any possible attacks without taking any action to prevent them. The logs are available inside the very same section and provide info about the nature of the attack, what IP it came from and what ModSecurity rule was initiated to stop it. For optimum security, we employ not just commercial rules from a firm operating in the field of web security, but also custom ones that our administrators include personally so as to respond to new risks that are still not dealt with in the commercial rules.
ModSecurity in Dedicated Servers
ModSecurity is available by default with all dedicated servers
that are set up with the Hepsia CP and is set to “Active” automatically for any domain you host or subdomain which you create on the hosting server. Just in case that a web app doesn't function adequately, you could either disable the firewall or set it to function in passive mode. The second means that ModSecurity shall maintain a log of any potential attack that could take place, but will not take any action to stop it. The logs created in passive or active mode will provide you with more details about the exact file which was attacked, the nature of the attack and the IP it originated from, and so on. This info shall permit you to decide what actions you can take to increase the protection of your sites, for instance blocking IPs or performing script and plugin updates. The ModSecurity rules which we use are updated regularly with a commercial bundle from a third-party security provider we work with, but occasionally our staff include their own rules as well if they find a new potential threat.