ModSecurity is a plugin for Apache web servers that functions as a web app layer firewall. It's employed to stop attacks against script-driven websites through the use of security rules which contain certain expressions. That way, the firewall can prevent hacking and spamming attempts and protect even Internet sites which are not updated on a regular basis. For instance, multiple failed login attempts to a script admin area or attempts to execute a specific file with the purpose to get access to the script will trigger specific rules, so ModSecurity will stop these activities the minute it identifies them. The firewall is extremely efficient since it monitors the whole HTTP traffic to a site in real time without slowing it down, so it will be able to stop an attack before any harm is done. It furthermore maintains an exceptionally comprehensive log of all attack attempts which features more information than typical Apache logs, so you could later check out the data and take extra measures to increase the security of your sites if required.
ModSecurity in Shared Web Hosting
ModSecurity is available on all shared web hosting
web servers, so if you decide to host your sites with our business, they will be protected against an array of attacks. The firewall is enabled by default for all domains and subdomains, so there shall be nothing you will have to do on your end. You will be able to stop ModSecurity for any site if necessary, or to switch on a detection mode, so that all activity shall be recorded, but the firewall shall not take any real action. You will be able to view specific logs from your Hepsia Control Panel including the IP address where the attack came from, what the attacker wanted to do and how ModSecurity addressed the threat. As we take the protection of our clients' websites very seriously, we employ a selection of commercial rules which we get from one of the top companies that maintain this sort of rules. Our admins also add custom rules to make sure that your websites shall be protected against as many threats as possible.
ModSecurity in Semi-dedicated Servers
Any web application which you set up in your new semi-dedicated server
account shall be protected by ModSecurity as the firewall comes with all our hosting solutions and is turned on by default for any domain and subdomain which you include or create via your Hepsia hosting Control Panel. You shall be able to manage ModSecurity via a dedicated area within Hepsia where not only could you activate or deactivate it fully, but you could also activate a passive mode, so the firewall won't stop anything, but it'll still keep an archive of possible attacks. This requires just a mouse click and you will be able to view the logs regardless if ModSecurity is in passive or active mode through the same section - what the attack was and where it came from, how it was handled, and so on. The firewall employs two groups of rules on our web servers - a commercial one which we get from a third-party web security company and a custom one which our admins update manually as to respond to recently discovered threats as soon as possible.
ModSecurity in Dedicated Servers
ModSecurity is available by default with all dedicated servers
that are set up with the Hepsia Control Panel and is set to “Active” automatically for any domain that you host or subdomain you create on the server. In case that a web app does not function correctly, you may either disable the firewall or set it to operate in passive mode. The second means that ModSecurity will keep a log of any potential attack which could occur, but shall not take any action to prevent it. The logs produced in active or passive mode will provide you with more details about the exact file that was attacked, the form of the attack and the IP address it originated from, etc. This info shall enable you to determine what measures you can take to enhance the protection of your sites, for instance blocking IPs or performing script and plugin updates. The ModSecurity rules we use are updated regularly with a commercial pack from a third-party security provider we work with, but occasionally our admins add their own rules as well in the event that they identify a new potential threat.