ModSecurity is a plugin for Apache web servers which functions as a web app layer firewall. It is employed to stop attacks towards script-driven Internet sites by employing security rules that contain particular expressions. This way, the firewall can stop hacking and spamming attempts and shield even sites which are not updated on a regular basis. For instance, multiple failed login attempts to a script administrative area or attempts to execute a specific file with the intention to get access to the script shall trigger particular rules, so ModSecurity will block these activities the moment it identifies them. The firewall is incredibly efficient because it screens the entire HTTP traffic to a site in real time without slowing it down, so it can easily prevent an attack before any damage is done. It also keeps an incredibly comprehensive log of all attack attempts that features more info than conventional Apache logs, so you could later check out the data and take additional measures to increase the security of your Internet sites if needed.
ModSecurity in Website Hosting
ModSecurity can be found with each website hosting solution which we offer and it's activated by default for every domain or subdomain which you include via your Hepsia Control Panel. If it interferes with any of your applications or you'd like to disable it for whatever reason, you'll be able to accomplish that through the ModSecurity area of Hepsia with just a mouse click. You may also use a passive mode, so the firewall will recognize possible attacks and keep a log, but will not take any action. You can view comprehensive logs in the exact same section, including the IP where the attack originated from, exactly what the attacker attempted to do and at what time, what ModSecurity did, etc. For maximum security of our customers we use a collection of commercial firewall rules combined with custom ones that are included by our system admins.
ModSecurity in Semi-dedicated Servers
Any web app that you install in your new semi-dedicated server account shall be protected by ModSecurity as the firewall comes with all our hosting packages and is activated by default for any domain and subdomain which you add or create via your Hepsia hosting CP. You shall be able to manage ModSecurity through a dedicated section within Hepsia where not only could you activate or deactivate it completely, but you could also activate a passive mode, so the firewall will not stop anything, but it shall still maintain an archive of potential attacks. This normally requires just a mouse click and you'll be able to look at the logs regardless if ModSecurity is in passive or active mode through the same section - what the attack was and where it came from, how it was handled, and so forth. The firewall employs 2 sets of rules on our web servers - a commercial one which we get from a third-party web security firm and a custom one which our administrators update personally as to respond to recently discovered risks as soon as possible.
ModSecurity in Dedicated Servers
All of our dedicated servers that are installed with the Hepsia hosting CP include ModSecurity, so any app which you upload or set up will be protected from the very beginning and you won't need to stress about common attacks or vulnerabilities. A separate section in Hepsia will permit you to start or stop the firewall for each domain or subdomain, or switch on a detection mode so that it records information regarding intrusions, but doesn't take actions to stop them. What you shall discover in the logs shall enable you to to secure your websites better - the IP address an attack originated from, what site was attacked and how, what ModSecurity rule was triggered, etc. With this data, you'll be able to see if a website needs an update, if you should block IPs from accessing your hosting server, and so forth. Aside from the third-party commercial security rules for ModSecurity we use, our admins add custom ones too every time they discover a new threat which is not yet a part of the commercial bundle.