ModSecurity is a highly effective web application layer firewall for Apache web servers. It monitors the entire HTTP traffic to an Internet site without affecting its performance and in case it discovers an intrusion attempt, it blocks it. The firewall furthermore maintains a more detailed log for the traffic than any server does, so you will manage to monitor what's going on with your sites better than if you rely only on conventional logs. ModSecurity employs security rules based on which it prevents attacks. For example, it recognizes if anyone is trying to log in to the administrator area of a specific script multiple times or if a request is sent to execute a file with a particular command. In these instances these attempts set off the corresponding rules and the firewall hinders the attempts immediately, then records in-depth information about them within its logs. ModSecurity is amongst the best software firewalls available and it can protect your web apps against a huge number of threats and vulnerabilities, particularly in case you don’t update them or their plugins frequently.
ModSecurity in Hosting
ModSecurity is available on all hosting servers, so when you choose to host your sites with our firm, they'll be shielded from a wide array of attacks. The firewall is enabled as standard for all domains and subdomains, so there'll be nothing you will have to do on your end. You shall be able to stop ModSecurity for any site if necessary, or to enable a detection mode, so all activity will be recorded, but the firewall shall not take any real action. You'll be able to view specific logs from your Hepsia Control Panel including the IP address where the attack originated from, what the attacker planned to do and how ModSecurity addressed the threat. Since we take the security of our customers' sites seriously, we employ a set of commercial rules that we take from one of the leading firms that maintain this kind of rules. Our admins also add custom rules to make certain that your Internet sites will be resistant to as many threats as possible.
ModSecurity in Semi-dedicated Hosting
Any web application that you set up within your new semi-dedicated hosting account shall be protected by ModSecurity as the firewall comes with all our hosting plans and is switched on by default for any domain and subdomain which you add or create through your Hepsia hosting CP. You will be able to manage ModSecurity through a dedicated area in Hepsia where not simply could you activate or deactivate it completely, but you could also activate a passive mode, so the firewall won't stop anything, but it shall still maintain a record of possible attacks. This normally requires just a click and you shall be able to see the logs regardless of if ModSecurity is in passive or active mode through the same section - what the attack was and where it came from, how it was dealt with, and so on. The firewall employs two sets of rules on our servers - a commercial one which we get from a third-party web security company and a custom one which our admins update personally as to respond to recently discovered threats at the earliest opportunity.
ModSecurity in VPS Hosting
ModSecurity comes with all Hepsia-based virtual private servers we offer and it will be turned on automatically for any new domain or subdomain that you include on the web server. That way, any web application that you install shall be secured immediately without doing anything manually on your end. The firewall could be managed through the section of the CP which bears the same name. This is the location in whichyou'll be able to disable ModSecurity or let its passive mode, so it won't take any action toward threats, but shall still keep a detailed log. The recorded info is available in the same area as well and you shall be able to see what IPs any attacks originated from so that you can block them, what the nature of the attempted attacks was and based on what security rules ModSecurity reacted. The rules we use on our servers are a blend between commercial ones that we obtain from a security company and custom ones which are added by our administrators to enhance the security of any web applications hosted on our end.
ModSecurity in Dedicated Web Hosting
ModSecurity is provided as standard with all dedicated servers that are set up with the Hepsia Control Panel and is set to “Active” automatically for any domain you host or subdomain that you create on the web server. In case that a web app doesn't function properly, you can either disable the firewall or set it to work in passive mode. The latter means that ModSecurity shall keep a log of any possible attack that might happen, but will not take any action to stop it. The logs created in passive or active mode will give you additional details about the exact file that was attacked, the form of the attack and the IP it came from, and so forth. This info will allow you to decide what actions you can take to increase the protection of your websites, such as blocking IPs or performing script and plugin updates. The ModSecurity rules which we use are updated often with a commercial bundle from a third-party security provider we work with, but from time to time our staff include their own rules as well if they come across a new potential threat.