ModSecurity is a powerful web app layer firewall for Apache web servers. It monitors the entire HTTP traffic to a site without affecting its performance and if it detects an intrusion attempt, it prevents it. The firewall additionally keeps a more detailed log for the site visitors than any server does, so you shall be able to monitor what's happening with your websites a lot better than if you rely only on conventional logs. ModSecurity works with security rules based on which it stops attacks. For example, it detects if someone is attempting to log in to the administrator area of a given script a number of times or if a request is sent to execute a file with a particular command. In such cases these attempts set off the corresponding rules and the firewall software blocks the attempts instantly, and then records in-depth information about them in its logs. ModSecurity is one of the best software firewalls available and it can easily protect your web applications against thousands of threats and vulnerabilities, especially in case you don’t update them or their plugins regularly.
ModSecurity in Shared Web Hosting
ModSecurity comes by default with all shared web hosting plans that we offer and it shall be switched on automatically for any domain or subdomain you add/create inside your Hepsia hosting Control Panel. The firewall has three different modes, so you could switch on and disable it with simply a mouse click or set it to detection mode, so it shall maintain a log of all attacks, but it shall not do anything to prevent them. The log for any of your websites will include in-depth info which includes the nature of the attack, where it originated from, what action was taken by ModSecurity, etcetera. The firewall rules that we use are constantly updated and incorporate both commercial ones which we get from a third-party security business and custom ones that our system administrators include in case that they detect a new sort of attacks. This way, the Internet sites that you host here shall be far more protected without any action needed on your end.
ModSecurity in Semi-dedicated Servers
ModSecurity is a part of our semi-dedicated server solutions and if you opt to host your Internet sites with our company, there won't be anything special you'll have to do as the firewall is activated by default for all domains and subdomains you include using your hosting CP. If required, you can disable ModSecurity for a certain website or switch on the so-called detection mode in which case the firewall shall still operate and record data, but shall not do anything to prevent possible attacks on your websites. Comprehensive logs will be available inside your CP and you'll be able to see what sort of attacks occurred, what security rules were triggered and how the firewall dealt with the threats, what Internet protocol addresses the attacks came from, etcetera. We employ 2 sorts of rules on our servers - commercial ones from a company that operates in the field of web security, and customized ones which our admins occasionally include to respond to newly found risks in a timely manner.
ModSecurity in VPS Servers
All VPS servers that are provided with the Hepsia Control Panel include ModSecurity. The firewall is installed and turned on by default for all domains that are hosted on the machine, so there won't be anything special which you will have to do to protect your sites. It'll take you simply a mouse click to stop ModSecurity if needed or to turn on its passive mode so that it records what goes on without taking any measures to prevent intrusions. You'll be able to view the logs generated in passive or active mode from the corresponding section of Hepsia and learn more about the form of the attack, where it came from, what rule the firewall used to tackle it, and so forth. We use a mixture of commercial and custom rules so as to ensure that ModSecurity shall block out as many threats as possible, thus boosting the security of your web apps as much as possible.
ModSecurity in Dedicated Servers
ModSecurity is provided with all dedicated servers which are set up with our Hepsia CP and you'll not need to do anything specific on your end to use it as it is enabled by default whenever you add a new domain or subdomain on your web server. In case it disrupts some of your applications, you will be able to stop it through the respective area of Hepsia, or you can leave it operating in passive mode, so it shall recognize attacks and shall still maintain a log for them, but won't stop them. You may analyze the logs later to learn what you can do to increase the security of your websites since you'll find info such as where an intrusion attempt originated from, what Internet site was attacked and based on what rule ModSecurity reacted, and so on. The rules we use are commercial, hence they are regularly updated by a security company, but to be on the safe side, our staff also add custom rules once in a while in order to respond to any new threats they have found.