ModSecurity is a plugin for Apache web servers that functions as a web app layer firewall. It's employed to stop attacks against script-driven websites through the use of security rules which contain certain expressions. That way, the firewall can prevent hacking and spamming attempts and protect even Internet sites which are not updated on a regular basis. For instance, multiple failed login attempts to a script admin area or attempts to execute a specific file with the purpose to get access to the script will trigger specific rules, so ModSecurity will stop these activities the minute it identifies them. The firewall is extremely efficient since it monitors the whole HTTP traffic to a site in real time without slowing it down, so it will be able to stop an attack before any harm is done. It furthermore maintains an exceptionally comprehensive log of all attack attempts which features more information than typical Apache logs, so you could later check out the data and take extra measures to increase the security of your sites if required.
ModSecurity in Semi-dedicated Servers
Any web application which you set up in your new semi-dedicated server account shall be protected by ModSecurity as the firewall comes with all our hosting solutions and is turned on by default for any domain and subdomain which you include or create via your Hepsia hosting Control Panel. You shall be able to manage ModSecurity via a dedicated area within Hepsia where not only could you activate or deactivate it fully, but you could also activate a passive mode, so the firewall won't stop anything, but it'll still keep an archive of possible attacks. This requires just a mouse click and you will be able to view the logs regardless if ModSecurity is in passive or active mode through the same section - what the attack was and where it came from, how it was handled, and so on. The firewall employs two groups of rules on our web servers - a commercial one which we get from a third-party web security company and a custom one which our admins update manually as to respond to recently discovered threats as soon as possible.
ModSecurity in VPS Servers
All VPS servers which are provided with the Hepsia Control Panel come with ModSecurity. The firewall is set up and switched on by default for all domains which are hosted on the server, so there will not be anything special which you will have to do to protect your websites. It will take you just a mouse click to stop ModSecurity if needed or to switch on its passive mode so that it records what goes on without taking any steps to prevent intrusions. You will be able to see the logs produced in passive or active mode from the corresponding section of Hepsia and learn more about the form of the attack, where it came from, what rule the firewall employed to take care of it, etcetera. We employ a mixture of commercial and custom rules so as to make sure that ModSecurity will block out as many risks as possible, thus enhancing the protection of your web applications as much as possible.
ModSecurity in Dedicated Servers
ModSecurity is available by default with all dedicated servers that are set up with the Hepsia Control Panel and is set to “Active” automatically for any domain that you host or subdomain you create on the server. In case that a web app does not function correctly, you may either disable the firewall or set it to operate in passive mode. The second means that ModSecurity will keep a log of any potential attack which could occur, but shall not take any action to prevent it. The logs produced in active or passive mode will provide you with more details about the exact file that was attacked, the form of the attack and the IP address it originated from, etc. This info shall enable you to determine what measures you can take to enhance the protection of your sites, for instance blocking IPs or performing script and plugin updates. The ModSecurity rules we use are updated regularly with a commercial pack from a third-party security provider we work with, but occasionally our admins add their own rules as well in the event that they identify a new potential threat.