ModSecurity is a plugin for Apache web servers that functions as a web application layer firewall. It is used to stop attacks against script-driven sites by employing security rules that contain particular expressions. This way, the firewall can prevent hacking and spamming attempts and preserve even Internet sites which aren't updated often. For instance, numerous failed login attempts to a script admin area or attempts to execute a specific file with the purpose to get access to the script will trigger certain rules, so ModSecurity will block these activities the instant it discovers them. The firewall is quite efficient as it screens the whole HTTP traffic to an Internet site in real time without slowing it down, so it will be able to stop an attack before any damage is done. It also keeps an incredibly thorough log of all attack attempts that contains more info than typical Apache logs, so you can later check out the data and take extra measures to increase the security of your websites if needed.
ModSecurity in Web Hosting
ModSecurity is available with each web hosting plan which we offer and it's activated by default for any domain or subdomain that you add via your Hepsia Control Panel. In case it disrupts any of your applications or you'd like to disable it for some reason, you shall be able to do this through the ModSecurity area of Hepsia with merely a mouse click. You may also use a passive mode, so the firewall will detect possible attacks and maintain a log, but will not take any action. You could view comprehensive logs in the very same section, including the IP address where the attack originated from, what precisely the attacker tried to do and at what time, what ModSecurity did, etcetera. For maximum protection of our clients we use a set of commercial firewall rules blended with custom ones which are included by our system admins.
ModSecurity in Semi-dedicated Servers
We've incorporated ModSecurity as a standard in all semi-dedicated server packages, so your web apps will be protected the instant you install them under any domain or subdomain. The Hepsia CP that is included with the semi-dedicated accounts will permit you to switch on or turn off the firewall for any site with a mouse click. You'll also have the ability to switch on a passive detection mode through which ModSecurity will keep a log of possible attacks without really stopping them. The comprehensive logs include the nature of the attack and what ModSecurity response that attack initiated, where it originated from, etcetera. The list of rules that we use is frequently updated in order to match any new risks that may appear on the Internet and it features both commercial rules that we get from a security firm and custom-written ones which our admins include in case they discover a threat that is not present within the commercial list yet.
ModSecurity in VPS Servers
Safety is vital to us, so we install ModSecurity on all VPS servers that are made available with the Hepsia CP as a standard. The firewall could be managed through a dedicated section in Hepsia and is turned on automatically when you add a new domain or generate a subdomain, so you'll not need to do anything personally. You shall also be able to disable it or switch on the so-called detection mode, so it shall keep a log of possible attacks you can later analyze, but won't block them. The logs in both passive and active modes offer details regarding the type of the attack and how it was stopped, what IP address it originated from and other useful data which might help you to tighten the security of your Internet sites by updating them or blocking IPs, for instance. On top of the commercial rules that we get for ModSecurity from a third-party security firm, we also implement our own rules because from time to time we find specific attacks which aren't yet present inside the commercial group. This way, we can easily boost the protection of your VPS in a timely manner as opposed to waiting for a certified update.
ModSecurity in Dedicated Servers
ModSecurity is available as standard with all dedicated servers which are set up with the Hepsia CP and is set to “Active” automatically for any domain which you host or subdomain you create on the web server. In case that a web application does not operate properly, you can either turn off the firewall or set it to function in passive mode. The second means that ModSecurity shall maintain a log of any potential attack that could happen, but won't take any action to stop it. The logs generated in passive or active mode shall provide you with additional details about the exact file that was attacked, the form of the attack and the IP address it came from, and so forth. This info shall enable you to determine what measures you can take to enhance the safety of your Internet sites, for instance blocking IPs or carrying out script and plugin updates. The ModSecurity rules which we employ are updated regularly with a commercial pack from a third-party security company we work with, but sometimes our administrators add their own rules also if they come across a new potential threat.