Discover what ModSecurity is, how it works and just what it does in order to protect your sites and applications.
ModSecurity is a highly effective web app layer firewall for Apache web servers. It monitors the entire HTTP traffic to an Internet site without affecting its performance and if it detects an intrusion attempt, it blocks it. The firewall furthermore maintains a more comprehensive log for the site visitors than any web server does, so you'll be able to monitor what's happening with your sites much better than if you rely simply on standard logs. ModSecurity uses security rules based on which it prevents attacks. For example, it identifies if anyone is attempting to log in to the administration area of a particular script multiple times or if a request is sent to execute a file with a certain command. In these cases these attempts trigger the corresponding rules and the firewall blocks the attempts in real time, and then records detailed information about them inside its logs. ModSecurity is among the very best software firewalls available and it could easily protect your web applications against a huge number of threats and vulnerabilities, particularly in case you don’t update them or their plugins frequently.
ModSecurity in Shared Website Hosting
We provide ModSecurity with all shared website hosting
packages, so your web applications shall be protected against destructive attacks. The firewall is switched on by default for all domains and subdomains, but if you would like, you shall be able to stop it through the respective part of your Hepsia CP. You'll be able to also activate a detection mode, so ModSecurity shall keep a log as intended, but shall not take any action. The logs which you shall find in Hepsia are incredibly detailed and feature data about the nature of any attack, when it occurred and from what IP, the firewall rule that was triggered, and so forth. We use a set of commercial rules that are regularly updated, but sometimes our admins add custom rules as well so as to better protect the sites hosted on our machines.
ModSecurity in Semi-dedicated Servers
Any web program that you install within your new semi-dedicated server
account will be protected by ModSecurity because the firewall comes with all our hosting packages and is switched on by default for any domain and subdomain which you add or create using your Hepsia hosting CP. You shall be able to manage ModSecurity through a dedicated area within Hepsia where not only could you activate or deactivate it completely, but you may also activate a passive mode, so the firewall won't block anything, but it'll still maintain an archive of potential attacks. This requires simply a click and you'll be able to see the logs regardless of if ModSecurity is in active or passive mode through the same section - what the attack was and where it came from, how it was taken care of, etc. The firewall uses two groups of rules on our machines - a commercial one which we get from a third-party web security firm and a custom one that our admins update personally in order to respond to recently discovered threats as quickly as possible.
ModSecurity in Dedicated Servers
ModSecurity is included with all dedicated servers
which are set up with our Hepsia CP and you'll not need to do anything specific on your end to employ it since it is turned on by default each time you include a new domain or subdomain on your hosting server. If it interferes with some of your programs, you will be able to stop it through the respective part of Hepsia, or you can leave it in passive mode, so it shall identify attacks and will still maintain a log for them, but will not prevent them. You may look at the logs later to find out what you can do to enhance the safety of your sites since you will find details such as where an intrusion attempt originated from, what Internet site was attacked and in accordance with what rule ModSecurity reacted, and so forth. The rules which we employ are commercial, hence they are constantly updated by a security company, but to be on the safe side, our admins also add custom rules occasionally as to react to any new threats they have discovered.