ModSecurity is a potent web app layer firewall for Apache web servers. It monitors the whole HTTP traffic to a site without affecting its operation and when it identifies an intrusion attempt, it blocks it. The firewall also maintains a more detailed log for the site visitors than any server does, so you'll be able to keep an eye on what is happening with your sites much better than if you rely merely on conventional logs. ModSecurity uses security rules based on which it prevents attacks. For instance, it identifies if somebody is attempting to log in to the administration area of a given script a number of times or if a request is sent to execute a file with a certain command. In these instances these attempts set off the corresponding rules and the firewall blocks the attempts in real time, after that records in-depth information about them in its logs. ModSecurity is among the most effective software firewalls out there and it can easily protect your web apps against a huge number of threats and vulnerabilities, particularly in case you don’t update them or their plugins frequently.
ModSecurity in Web Hosting
We offer ModSecurity with all web hosting solutions, so your web apps shall be protected against malicious attacks. The firewall is activated as standard for all domains and subdomains, but in case you would like, you shall be able to stop it via the respective area of your Hepsia CP. You can also switch on a detection mode, so ModSecurity will keep a log as intended, but will not take any action. The logs which you shall discover in Hepsia are very detailed and include information about the nature of any attack, when it happened and from what IP address, the firewall rule that was triggered, and so on. We employ a group of commercial rules that are regularly updated, but sometimes our administrators include custom rules as well in order to efficiently protect the Internet sites hosted on our machines.
ModSecurity in Semi-dedicated Servers
ModSecurity is part of our semi-dedicated server packages and if you decide to host your websites with us, there won't be anything special you'll need to do since the firewall is turned on by default for all domains and subdomains which you include via your hosting CP. If required, you'll be able to disable ModSecurity for a given Internet site or switch on the so-called detection mode in which case the firewall will still function and record data, but won't do anything to prevent possible attacks on your sites. In depth logs will be available within your CP and you will be able to see which kind of attacks occurred, what security rules were triggered and how the firewall dealt with the threats, what IP addresses the attacks came from, etcetera. We use two sorts of rules on our servers - commercial ones from a business which operates in the field of web security, and custom made ones that our admins often add to respond to newly found threats in a timely manner.
ModSecurity in Dedicated Servers
ModSecurity is provided with all dedicated servers that are set up with our Hepsia CP and you won't need to do anything specific on your end to use it since it's activated by default every time you include a new domain or subdomain on your hosting server. In the event that it disrupts some of your applications, you'll be able to stop it through the respective section of Hepsia, or you could leave it operating in passive mode, so it shall detect attacks and will still keep a log for them, but will not prevent them. You may analyze the logs later to determine what you can do to improve the safety of your sites as you shall find info such as where an intrusion attempt originated from, what site was attacked and based on what rule ModSecurity responded, etcetera. The rules that we use are commercial, therefore they're frequently updated by a security company, but to be on the safe side, our staff also include custom rules occasionally as to react to any new threats they have discovered.