ModSecurity is a powerful firewall for Apache web servers which is employed to prevent attacks against web applications. It monitors the HTTP traffic to a specific Internet site in real time and prevents any intrusion attempts as soon as it identifies them. The firewall uses a set of rules to accomplish that - as an illustration, attempting to log in to a script admin area without success several times triggers one rule, sending a request to execute a particular file that could result in getting access to the Internet site triggers a different rule, and so forth. ModSecurity is amongst the best firewalls available on the market and it will preserve even scripts that aren't updated on a regular basis since it can prevent attackers from using known exploits and security holes. Quite comprehensive info about every single intrusion attempt is recorded and the logs the firewall keeps are a lot more specific than the regular logs created by the Apache server, so you could later analyze them and decide if you need to take extra measures so as to boost the protection of your script-driven sites.
ModSecurity in Shared Hosting
ModSecurity comes by default with all shared hosting
plans which we supply and it'll be activated automatically for any domain or subdomain which you add/create inside your Hepsia hosting CP. The firewall has 3 different modes, so you could switch on and disable it with only a click or set it to detection mode, so it'll maintain a log of all attacks, but it'll not do anything to stop them. The log for any of your Internet sites will include in-depth information including the nature of the attack, where it came from, what action was taken by ModSecurity, etc. The firewall rules that we use are constantly updated and include both commercial ones which we get from a third-party security firm and custom ones our system administrators add in case that they detect a new sort of attacks. In this way, the sites that you host here will be way more protected with no action needed on your end.
ModSecurity in Semi-dedicated Servers
All semi-dedicated server
packages which we offer include ModSecurity and since the firewall is enabled by default, any site you build under a domain or a subdomain will be secured immediately. An independent section inside the Hepsia CP that comes with the semi-dedicated accounts is dedicated to ModSecurity and it will allow you to stop and start the firewall for any website or activate a detection mode. With the last mentioned, ModSecurity will not take any action, but it shall still recognize possible attacks and shall keep all data in a log as if it were fully active. The logs can be found in the exact same section of the Control Panel and they feature information about the IP where an attack originated from, what its nature was, what rule ModSecurity applies to identify and stop it, and so on. The security rules that we employ on our web servers are a mix between commercial ones from a security company and custom ones created by our system administrators. Consequently, we provide greater security for your web programs as we can defend them from attacks before security companies release updates for completely new threats.
ModSecurity in VPS Servers
ModSecurity is pre-installed on all VPS servers
that are offered with the Hepsia hosting Control Panel, so your web apps will be secured from the instant your server is ready. The firewall is switched on by default for any domain or subdomain on the Virtual Private Server, but if required, you can disable it with a click from the corresponding section of Hepsia. You could also set it to function in detection mode, so it'll maintain a detailed log of any potential attacks without taking any action to prevent them. The logs are available inside the exact same section and include info about the nature of the attack, what IP it came from and what ModSecurity rule was activated to stop it. For best security, we use not simply commercial rules from a business operating in the field of web security, but also custom ones our admins include manually in order to respond to new risks that are still not dealt with in the commercial rules.
ModSecurity in Dedicated Servers
ModSecurity is provided as standard with all dedicated servers
which are set up with the Hepsia CP and is set to “Active” automatically for any domain you host or subdomain you create on the hosting server. In case that a web app does not function adequately, you could either disable the firewall or set it to work in passive mode. The second means that ModSecurity shall keep a log of any possible attack that could occur, but will not take any action to stop it. The logs generated in passive or active mode will provide you with additional details about the exact file which was attacked, the form of the attack and the IP address it came from, and so forth. This data shall enable you to decide what actions you can take to improve the security of your websites, for instance blocking IPs or performing script and plugin updates. The ModSecurity rules which we employ are updated constantly with a commercial pack from a third-party security company we work with, but oftentimes our staff include their own rules as well if they discover a new potential threat.