ModSecurity is a plugin for Apache web servers which functions as a web app layer firewall. It's used to prevent attacks against script-driven Internet sites by using security rules that contain specific expressions. In this way, the firewall can block hacking and spamming attempts and shield even Internet sites that are not updated often. As an example, numerous failed login attempts to a script administrator area or attempts to execute a specific file with the purpose to get access to the script will trigger certain rules, so ModSecurity will block out these activities the moment it discovers them. The firewall is very efficient since it monitors the whole HTTP traffic to a website in real time without slowing it down, so it can easily stop an attack before any harm is done. It also keeps a very comprehensive log of all attack attempts that includes more information than traditional Apache logs, so you could later analyze the data and take additional measures to improve the security of your sites if required.
ModSecurity in Shared Website Hosting
ModSecurity is provided with all shared website hosting web servers, so when you decide to host your Internet sites with our organization, they'll be resistant to a wide range of attacks. The firewall is turned on by default for all domains and subdomains, so there will be nothing you will have to do on your end. You shall be able to stop ModSecurity for any site if needed, or to switch on a detection mode, so that all activity will be recorded, but the firewall won't take any real action. You'll be able to view detailed logs through your Hepsia Control Panel including the IP where the attack originated from, what the attacker wished to do and how ModSecurity handled the threat. Since we take the security of our clients' websites very seriously, we employ a selection of commercial rules which we take from one of the best firms that maintain such rules. Our administrators also include custom rules to make sure that your sites will be resistant to as many risks as possible.
ModSecurity in Semi-dedicated Servers
ModSecurity is a part of our semi-dedicated server packages and if you decide to host your websites with our company, there won't be anything special you'll need to do since the firewall is turned on by default for all domains and subdomains you add via your hosting Control Panel. If needed, you could disable ModSecurity for a given website or turn on the so-called detection mode in which case the firewall will still operate and record info, but will not do anything to prevent potential attacks against your sites. Comprehensive logs shall be readily available in your Control Panel and you shall be able to see which kind of attacks occurred, what security rules were triggered and how the firewall addressed the threats, what IP addresses the attacks originated from, etcetera. We use two types of rules on our servers - commercial ones from an organization that operates in the field of web security, and custom made ones which our administrators occasionally add to respond to newly found threats promptly.
ModSecurity in VPS Servers
ModSecurity is included with all Hepsia-based VPS servers that we offer and it'll be activated automatically for every new domain or subdomain you add on the server. This way, any web app that you install shall be secured immediately without doing anything personally on your end. The firewall can be handled via the section of the Control Panel that bears the same name. This is the area whereyou can switch off ModSecurity or activate its passive mode, so it shall not take any action toward threats, but shall still maintain a comprehensive log. The recorded info is available in the same area as well and you shall be able to see what IPs any attacks originated from so that you can stop them, what the nature of the attempted attacks was and in accordance with what security rules ModSecurity responded. The rules we employ on our servers are a mixture between commercial ones we obtain from a security company and custom ones that are included by our staff to enhance the security of any web applications hosted on our end.
ModSecurity in Dedicated Servers
ModSecurity is provided by default with all dedicated servers that are set up with the Hepsia CP and is set to “Active” automatically for any domain which you host or subdomain you create on the server. Just in case that a web application doesn't operate adequately, you could either switch off the firewall or set it to work in passive mode. The latter means that ModSecurity shall maintain a log of any possible attack that may occur, but will not take any action to stop it. The logs created in active or passive mode shall give you more details about the exact file that was attacked, the form of the attack and the IP address it originated from, etc. This information shall enable you to determine what actions you can take to increase the safety of your sites, for instance blocking IPs or performing script and plugin updates. The ModSecurity rules we employ are updated regularly with a commercial bundle from a third-party security company we work with, but from time to time our staff add their own rules as well in the event that they find a new potential threat.