ModSecurity is a highly effective firewall for Apache web servers which is used to prevent attacks against web applications. It monitors the HTTP traffic to a certain Internet site in real time and stops any intrusion attempts the moment it detects them. The firewall relies on a set of rules to do that - for instance, trying to log in to a script administration area unsuccessfully several times triggers one rule, sending a request to execute a certain file which may result in accessing the website triggers a different rule, etc. ModSecurity is one of the best firewalls around and it'll preserve even scripts that aren't updated regularly because it can prevent attackers from employing known exploits and security holes. Quite thorough info about each intrusion attempt is recorded and the logs the firewall maintains are considerably more comprehensive than the standard logs provided by the Apache server, so you may later examine them and determine if you need to take more measures in order to increase the protection of your script-driven Internet sites.
ModSecurity in Shared Website Hosting
ModSecurity can be found with every single shared website hosting package that we offer and it's activated by default for every domain or subdomain which you include through your Hepsia Control Panel. In the event that it interferes with any of your applications or you'd like to disable it for any reason, you'll be able to accomplish that through the ModSecurity area of Hepsia with merely a mouse click. You can also enable a passive mode, so the firewall will identify possible attacks and keep a log, but won't take any action. You can view extensive logs in the same section, including the IP address where the attack came from, exactly what the attacker attempted to do and at what time, what ModSecurity did, and so on. For max protection of our clients we use a collection of commercial firewall rules mixed with custom ones which are included by our system admins.
ModSecurity in Semi-dedicated Servers
Any web program which you set up in your new semi-dedicated server account shall be protected by ModSecurity because the firewall is included with all our hosting packages and is switched on by default for any domain and subdomain which you include or create via your Hepsia hosting CP. You will be able to manage ModSecurity via a dedicated area within Hepsia where not simply can you activate or deactivate it fully, but you could also switch on a passive mode, so the firewall shall not stop anything, but it shall still keep an archive of potential attacks. This requires only a mouse click and you shall be able to see the logs regardless if ModSecurity is in active or passive mode through the same section - what the attack was and where it came from, how it was dealt with, and so on. The firewall uses two sets of rules on our machines - a commercial one that we get from a third-party web security company and a custom one which our admins update personally as to respond to recently discovered risks at the earliest opportunity.
ModSecurity in VPS Servers
All VPS servers which are set up with the Hepsia Control Panel feature ModSecurity. The firewall is installed and activated by default for all domains which are hosted on the machine, so there shall not be anything special which you'll need to do to protect your Internet sites. It shall take you just a click to stop ModSecurity if necessary or to turn on its passive mode so that it records what occurs without taking any measures to prevent intrusions. You shall be able to look at the logs created in active or passive mode via the corresponding section of Hepsia and find out more about the form of the attack, where it originated from, what rule the firewall used to deal with it, etc. We employ a mix of commercial and custom rules so as to make sure that ModSecurity shall block out as many threats as possible, hence boosting the security of your web apps as much as possible.
ModSecurity in Dedicated Servers
ModSecurity is available as standard with all dedicated servers that are set up with the Hepsia Control Panel and is set to “Active” automatically for any domain you host or subdomain you create on the hosting server. Just in case that a web app does not work correctly, you can either switch off the firewall or set it to work in passive mode. The latter means that ModSecurity will keep a log of any possible attack that could take place, but will not take any action to stop it. The logs produced in active or passive mode shall present you with more details about the exact file that was attacked, the type of the attack and the IP address it originated from, etcetera. This data will allow you to choose what steps you can take to improve the security of your Internet sites, such as blocking IPs or carrying out script and plugin updates. The ModSecurity rules we use are updated constantly with a commercial bundle from a third-party security firm we work with, but occasionally our admins include their own rules as well in the event that they discover a new potential threat.