ModSecurity is a highly effective web application layer firewall for Apache web servers. It monitors the entire HTTP traffic to an Internet site without affecting its functionality and in case it discovers an intrusion attempt, it prevents it. The firewall furthermore maintains a more detailed log for the traffic than any web server does, so you'll manage to keep track of what is happening with your websites better than if you rely merely on conventional logs. ModSecurity works with security rules based on which it prevents attacks. For instance, it detects if anyone is attempting to log in to the admin area of a specific script several times or if a request is sent to execute a file with a particular command. In these circumstances these attempts set off the corresponding rules and the firewall software hinders the attempts right away, then records comprehensive info about them within its logs. ModSecurity is one of the most effective software firewalls out there and it could easily protect your web applications against many threats and vulnerabilities, particularly in case you don’t update them or their plugins often.
ModSecurity in Web Hosting
ModSecurity comes standard with all web hosting plans which we provide and it will be switched on automatically for any domain or subdomain that you add/create within your Hepsia hosting Control Panel. The firewall has three different modes, so you can activate and disable it with a mouse click or set it to detection mode, so it'll maintain a log of all attacks, but it will not do anything to prevent them. The log for any of your sites shall include comprehensive info including the nature of the attack, where it came from, what action was taken by ModSecurity, etcetera. The firewall rules that we use are frequently updated and include both commercial ones which we get from a third-party security firm and custom ones our system admins include in the event that they detect a new sort of attacks. This way, the websites you host here shall be much more protected without any action required on your end.
ModSecurity in Semi-dedicated Servers
Any web application which you install within your new semi-dedicated server account shall be protected by ModSecurity as the firewall is provided with all our hosting packages and is activated by default for any domain and subdomain you add or create through your Hepsia hosting Control Panel. You will be able to manage ModSecurity through a dedicated section in Hepsia where not simply can you activate or deactivate it entirely, but you can also switch on a passive mode, so the firewall will not block anything, but it shall still maintain a record of potential attacks. This requires only a mouse click and you'll be able to look at the logs regardless of if ModSecurity is in passive or active mode through the same section - what the attack was and where it originated from, how it was addressed, and so on. The firewall employs two sets of rules on our servers - a commercial one that we get from a third-party web security provider and a custom one which our administrators update personally in order to respond to newly discovered threats at the earliest opportunity.
ModSecurity in Dedicated Servers
ModSecurity is provided as standard with all dedicated servers that are set up with the Hepsia Control Panel and is set to “Active” automatically for any domain you host or subdomain that you create on the web server. In the event that a web application doesn't function adequately, you may either disable the firewall or set it to work in passive mode. The latter means that ModSecurity will maintain a log of any possible attack that could take place, but will not take any action to prevent it. The logs produced in active or passive mode shall provide you with additional details about the exact file which was attacked, the nature of the attack and the IP it came from, etcetera. This information shall permit you to determine what measures you can take to enhance the protection of your sites, such as blocking IPs or carrying out script and plugin updates. The ModSecurity rules that we use are updated regularly with a commercial pack from a third-party security enterprise we work with, but sometimes our admins add their own rules also if they discover a new potential threat.