ModSecurity is a highly effective firewall for Apache web servers that is used to stop attacks toward web applications. It monitors the HTTP traffic to a certain site in real time and stops any intrusion attempts the moment it detects them. The firewall uses a set of rules to do this - for example, attempting to log in to a script admin area without success a few times activates one rule, sending a request to execute a particular file which could result in accessing the Internet site triggers a different rule, etcetera. ModSecurity is amongst the best firewalls out there and it'll preserve even scripts which are not updated frequently as it can prevent attackers from employing known exploits and security holes. Incredibly comprehensive info about every intrusion attempt is recorded and the logs the firewall keeps are much more specific than the conventional logs generated by the Apache server, so you could later analyze them and decide whether you need to take extra measures so as to increase the safety of your script-driven sites.
ModSecurity in Hosting
ModSecurity can be found with every hosting solution that we provide and it's activated by default for every domain or subdomain which you add via your Hepsia CP. In the event that it disrupts any of your apps or you'd like to disable it for any reason, you'll be able to do that through the ModSecurity section of Hepsia with simply a mouse click. You could also enable a passive mode, so the firewall will identify possible attacks and maintain a log, but will not take any action. You'll be able to view extensive logs in the exact same section, including the IP address where the attack originated from, what precisely the attacker tried to do and at what time, what ModSecurity did, etc. For maximum safety of our customers we use a collection of commercial firewall rules blended with custom ones which are provided by our system admins.
ModSecurity in Semi-dedicated Servers
We have incorporated ModSecurity as a standard inside all semi-dedicated server plans, so your web apps shall be protected as soon as you install them under any domain or subdomain. The Hepsia CP which comes with the semi-dedicated accounts will permit you to activate or disable the firewall for any website with a mouse click. You will also have the ability to activate a passive detection mode in which ModSecurity shall keep a log of potential attacks without really stopping them. The thorough logs include things like the nature of the attack and what ModSecurity response that attack initiated, where it came from, and so forth. The list of rules that we use is constantly updated in order to match any new threats which could appear on the Internet and it comes with both commercial rules that we get from a security company and custom-written ones that our admins add if they discover a threat that is not present within the commercial list yet.
ModSecurity in VPS Servers
Security is vital to us, so we set up ModSecurity on all VPS servers that are made available with the Hepsia CP by default. The firewall can be managed through a dedicated section within Hepsia and is switched on automatically when you include a new domain or generate a subdomain, so you won't have to do anything manually. You shall also be able to disable it or switch on the so-called detection mode, so it will keep a log of potential attacks that you can later examine, but shall not stop them. The logs in both passive and active modes include info regarding the form of the attack and how it was stopped, what IP it originated from and other important info that might help you to tighten the security of your sites by updating them or blocking IPs, for instance. In addition to the commercial rules that we get for ModSecurity from a third-party security enterprise, we also implement our own rules because occasionally we identify specific attacks that are not yet present inside the commercial pack. That way, we can enhance the security of your Virtual private server instantly instead of awaiting a certified update.
ModSecurity in Dedicated Servers
ModSecurity is provided by default with all dedicated servers that are set up with the Hepsia Control Panel and is set to “Active” automatically for any domain that you host or subdomain you create on the server. In the event that a web app doesn't operate properly, you can either disable the firewall or set it to operate in passive mode. The latter means that ModSecurity will keep a log of any potential attack that might happen, but won't take any action to stop it. The logs created in passive or active mode will give you more details about the exact file which was attacked, the nature of the attack and the IP address it originated from, and so on. This info shall allow you to choose what steps you can take to increase the security of your websites, such as blocking IPs or carrying out script and plugin updates. The ModSecurity rules which we employ are updated constantly with a commercial package from a third-party security firm we work with, but occasionally our administrators add their own rules also if they come across a new potential threat.