ModSecurity is a powerful firewall for Apache web servers which is employed to prevent attacks towards web applications. It monitors the HTTP traffic to a certain website in real time and stops any intrusion attempts the instant it detects them. The firewall relies on a set of rules to accomplish that - for instance, attempting to log in to a script administrator area unsuccessfully a few times sets off one rule, sending a request to execute a particular file that may result in getting access to the Internet site triggers another rule, etcetera. ModSecurity is one of the best firewalls out there and it'll secure even scripts which are not updated often since it can prevent attackers from employing known exploits and security holes. Incredibly comprehensive information about every single intrusion attempt is recorded and the logs the firewall maintains are much more comprehensive than the standard logs generated by the Apache server, so you may later analyze them and decide if you need to take more measures so as to increase the security of your script-driven sites.
ModSecurity in Hosting
ModSecurity comes by default with all hosting packages that we supply and it shall be turned on automatically for any domain or subdomain you add/create in your Hepsia hosting CP. The firewall has 3 different modes, so you'll be able to switch on and disable it with simply a mouse click or set it to detection mode, so it'll keep a log of all attacks, but it will not do anything to stop them. The log for each of your websites will include elaborate info such as the nature of the attack, where it came from, what action was taken by ModSecurity, and so forth. The firewall rules that we use are frequently updated and consist of both commercial ones we get from a third-party security company and custom ones that our system administrators include in case that they detect a new sort of attacks. This way, the Internet sites which you host here will be way more secure without any action required on your end.
ModSecurity in Semi-dedicated Servers
ModSecurity is part of our semi-dedicated server plans and if you opt to host your Internet sites with us, there won't be anything special you'll have to do as the firewall is activated by default for all domains and subdomains you add using your hosting Control Panel. If needed, you could disable ModSecurity for a certain website or activate the so-called detection mode in which case the firewall will still function and record info, but shall not do anything to prevent potential attacks against your sites. Detailed logs will be available in your CP and you'll be able to see which kind of attacks occurred, what security rules were triggered and how the firewall addressed the threats, what Internet protocol addresses the attacks came from, and so on. We use 2 kinds of rules on our servers - commercial ones from a firm which operates in the field of web security, and customized ones that our administrators often add to respond to newly discovered risks promptly.
ModSecurity in VPS Servers
ModSecurity is pre-installed on all VPS servers that are set up with the Hepsia hosting CP, so your web applications will be protected from the moment your server is in a position. The firewall is turned on by default for any domain or subdomain on the VPS, but if needed, you'll be able to deactivate it with a click through the corresponding section of Hepsia. You may also set it to function in detection mode, so it will keep a detailed log of any possible attacks without taking any action to prevent them. The logs can be found within the same section and offer information about the nature of the attack, what IP it came from and what ModSecurity rule was activated to stop it. For optimum security, we employ not only commercial rules from a company working in the field of web security, but also custom ones our admins add manually in order to respond to new threats that are still not tackled in the commercial rules.
ModSecurity in Dedicated Servers
ModSecurity is provided with all dedicated servers which are set up with our Hepsia Control Panel and you will not have to do anything specific on your end to employ it as it's activated by default each time you include a new domain or subdomain on your server. In the event that it interferes with any of your apps, you will be able to stop it via the respective section of Hepsia, or you may leave it operating in passive mode, so it will recognize attacks and will still keep a log for them, but will not stop them. You can analyze the logs later to determine what you can do to improve the security of your websites as you'll find information such as where an intrusion attempt originated from, what Internet site was attacked and in accordance with what rule ModSecurity responded, etcetera. The rules which we employ are commercial, hence they are constantly updated by a security provider, but to be on the safe side, our staff also add custom rules occasionally as to deal with any new threats they have discovered.