ModSecurity is a plugin for Apache web servers which functions as a web application layer firewall. It's employed to stop attacks towards script-driven sites through the use of security rules that contain particular expressions. In this way, the firewall can stop hacking and spamming attempts and protect even sites which are not updated often. For instance, multiple unsuccessful login attempts to a script admin area or attempts to execute a particular file with the intention to get access to the script will trigger certain rules, so ModSecurity will stop these activities the instant it identifies them. The firewall is quite efficient because it monitors the whole HTTP traffic to an Internet site in real time without slowing it down, so it can easily stop an attack before any harm is done. It additionally keeps a very comprehensive log of all attack attempts that contains more info than typical Apache logs, so you can later analyze the data and take further measures to enhance the security of your websites if needed.
ModSecurity in Shared Hosting
ModSecurity can be found with each and every shared hosting solution that we offer and it is turned on by default for any domain or subdomain that you include via your Hepsia Control Panel. If it disrupts any of your apps or you'd like to disable it for any reason, you shall be able to do that through the ModSecurity area of Hepsia with simply a click. You could also use a passive mode, so the firewall will discover potential attacks and maintain a log, but won't take any action. You can see extensive logs in the very same section, including the IP address where the attack came from, what precisely the attacker attempted to do and at what time, what ModSecurity did, etc. For optimum safety of our clients we use a group of commercial firewall rules blended with custom ones which are added by our system admins.
ModSecurity in Semi-dedicated Hosting
Any web app that you set up inside your new semi-dedicated hosting account shall be protected by ModSecurity as the firewall is included with all our hosting packages and is switched on by default for any domain and subdomain which you include or create through your Hepsia hosting Control Panel. You will be able to manage ModSecurity through a dedicated section in Hepsia where not only could you activate or deactivate it fully, but you may also enable a passive mode, so the firewall will not stop anything, but it will still maintain an archive of potential attacks. This normally requires only a click and you will be able to look at the logs no matter if ModSecurity is in passive or active mode through the same section - what the attack was and where it came from, how it was dealt with, etcetera. The firewall uses 2 groups of rules on our servers - a commercial one that we get from a third-party web security provider and a custom one which our administrators update personally in order to respond to recently discovered risks at the earliest opportunity.
ModSecurity in VPS
Security is vital to us, so we set up ModSecurity on all virtual private servers which are provided with the Hepsia Control Panel as a standard. The firewall can be managed through a dedicated section in Hepsia and is switched on automatically when you add a new domain or create a subdomain, so you'll not need to do anything personally. You will also be able to deactivate it or activate the so-called detection mode, so it shall keep a log of potential attacks you can later study, but shall not prevent them. The logs in both passive and active modes contain information regarding the kind of the attack and how it was prevented, what IP address it came from and other important info that could help you to tighten the security of your sites by updating them or blocking IPs, for example. In addition to the commercial rules which we get for ModSecurity from a third-party security firm, we also use our own rules because once in a while we detect specific attacks which are not yet present inside the commercial group. That way, we could increase the security of your VPS in a timely manner instead of awaiting a certified update.
ModSecurity in Dedicated Hosting
ModSecurity is provided as standard with all dedicated servers which are set up with the Hepsia CP and is set to “Active” automatically for any domain you host or subdomain that you create on the web server. In the event that a web app does not work properly, you could either switch off the firewall or set it to function in passive mode. The second means that ModSecurity shall keep a log of any possible attack which could occur, but won't take any action to stop it. The logs created in passive or active mode will offer you additional details about the exact file which was attacked, the type of the attack and the IP it originated from, etc. This info will allow you to choose what steps you can take to enhance the security of your sites, for instance blocking IPs or performing script and plugin updates. The ModSecurity rules which we employ are updated constantly with a commercial bundle from a third-party security firm we work with, but from time to time our administrators include their own rules also when they identify a new potential threat.