ModSecurity is a plugin for Apache web servers which acts as a web application layer firewall. It's used to prevent attacks toward script-driven Internet sites by using security rules which contain specific expressions. That way, the firewall can stop hacking and spamming attempts and preserve even Internet sites which aren't updated frequently. For instance, numerous unsuccessful login attempts to a script administrative area or attempts to execute a particular file with the objective to get access to the script will trigger certain rules, so ModSecurity will block out these activities the moment it identifies them. The firewall is very efficient as it monitors the whole HTTP traffic to a website in real time without slowing it down, so it could stop an attack before any damage is done. It also keeps a very detailed log of all attack attempts which includes more information than standard Apache logs, so you could later check out the data and take additional measures to boost the security of your websites if needed.
ModSecurity in Shared Website Hosting
ModSecurity can be found with each shared website hosting plan which we provide and it is activated by default for any domain or subdomain that you include via your Hepsia CP. If it disrupts any of your apps or you'd like to disable it for whatever reason, you'll be able to achieve that through the ModSecurity section of Hepsia with merely a mouse click. You could also use a passive mode, so the firewall will recognize possible attacks and maintain a log, but will not take any action. You can see extensive logs in the very same section, including the IP address where the attack came from, exactly what the attacker aimed to do and at what time, what ModSecurity did, etcetera. For optimum security of our clients we use a collection of commercial firewall rules combined with custom ones which are provided by our system admins.
ModSecurity in Semi-dedicated Hosting
ModSecurity is part of our semi-dedicated hosting packages and if you choose to host your websites with us, there won't be anything special you'll need to do as the firewall is switched on by default for all domains and subdomains you include via your hosting Control Panel. If required, you can disable ModSecurity for a certain website or switch on the so-called detection mode in which case the firewall will still function and record info, but will not do anything to stop potential attacks against your websites. Detailed logs will be available inside your Control Panel and you will be able to see what type of attacks took place, what security rules were triggered and how the firewall addressed the threats, what Internet protocol addresses the attacks came from, etcetera. We use 2 sorts of rules on our servers - commercial ones from a business which operates in the field of web security, and customized ones which our administrators occasionally add to respond to newly found risks promptly.
ModSecurity in VPS
Protection is vital to us, so we set up ModSecurity on all virtual private servers that are provided with the Hepsia CP by default. The firewall can be managed through a dedicated section inside Hepsia and is turned on automatically when you include a new domain or generate a subdomain, so you will not need to do anything by hand. You shall also be able to deactivate it or activate the so-called detection mode, so it shall maintain a log of potential attacks which you can later examine, but won't block them. The logs in both passive and active modes contain information regarding the form of the attack and how it was prevented, what IP it came from and other valuable data which could help you to tighten the security of your sites by updating them or blocking IPs, for example. Beyond the commercial rules which we get for ModSecurity from a third-party security firm, we also implement our own rules because every now and then we detect specific attacks that are not yet present in the commercial pack. That way, we could boost the security of your Virtual private server promptly as opposed to waiting for a certified update.
ModSecurity in Dedicated Hosting
All our dedicated servers which are installed with the Hepsia hosting Control Panel include ModSecurity, so any app you upload or set up will be secured from the very beginning and you won't have to worry about common attacks or vulnerabilities. An independent section in Hepsia will enable you to start or stop the firewall for each and every domain or subdomain, or activate a detection mode so that it records info about intrusions, but doesn't take actions to prevent them. What you will discover in the logs shall enable you to to secure your sites better - the IP address an attack originated from, what site was attacked as well as how, what ModSecurity rule was triggered, and so on. With this information, you can see if an Internet site needs an update, if you should block IPs from accessing your hosting server, and so forth. Aside from the third-party commercial security rules for ModSecurity we use, our admins include custom ones too if they find a new threat that is not yet in the commercial bundle.