Find out what ModSecurity is, how it works and what exactly it does in order to protect your sites and applications.
ModSecurity is a plugin for Apache web servers that functions as a web application layer firewall. It's employed to prevent attacks towards script-driven sites through the use of security rules that contain certain expressions. This way, the firewall can stop hacking and spamming attempts and protect even websites which are not updated often. For instance, multiple unsuccessful login attempts to a script administrative area or attempts to execute a specific file with the purpose to get access to the script will trigger particular rules, so ModSecurity will stop these activities the minute it detects them. The firewall is extremely efficient because it screens the entire HTTP traffic to an Internet site in real time without slowing it down, so it can prevent an attack before any harm is done. It also maintains a very thorough log of all attack attempts that features more info than typical Apache logs, so you can later examine the data and take additional measures to enhance the security of your sites if necessary.
ModSecurity in Web Hosting
ModSecurity comes by default with all web hosting
plans which we offer and it'll be activated automatically for any domain or subdomain you add/create within your Hepsia hosting Control Panel. The firewall has 3 different modes, so you can activate and deactivate it with just a click or set it to detection mode, so it shall keep a log of all attacks, but it'll not do anything to stop them. The log for any of your Internet sites shall feature in-depth info which includes the nature of the attack, where it came from, what action was taken by ModSecurity, etc. The firewall rules we use are regularly updated and consist of both commercial ones which we get from a third-party security firm and custom ones our system admins include in case that they detect a new sort of attacks. This way, the Internet sites which you host here shall be a lot more secure without any action required on your end.
ModSecurity in Semi-dedicated Servers
Any web application which you install within your new semi-dedicated server
account shall be protected by ModSecurity since the firewall is provided with all our hosting plans and is switched on by default for any domain and subdomain you include or create through your Hepsia hosting CP. You'll be able to manage ModSecurity through a dedicated area in Hepsia where not simply can you activate or deactivate it completely, but you could also activate a passive mode, so the firewall will not stop anything, but it'll still maintain a record of possible attacks. This requires just a click and you shall be able to look at the logs no matter if ModSecurity is in passive or active mode through the same section - what the attack was and where it came from, how it was dealt with, etc. The firewall uses two groups of rules on our servers - a commercial one that we get from a third-party web security provider and a custom one which our admins update manually as to respond to newly discovered threats immediately.
ModSecurity in VPS Servers
All VPS servers
which are set up with the Hepsia Control Panel include ModSecurity. The firewall is set up and turned on by default for all domains which are hosted on the server, so there won't be anything special which you'll need to do to protect your Internet sites. It'll take you simply a click to stop ModSecurity if necessary or to switch on its passive mode so that it records what goes on without taking any measures to prevent intrusions. You will be able to view the logs produced in passive or active mode from the corresponding section of Hepsia and find out more about the type of the attack, where it came from, what rule the firewall employed to handle it, and so forth. We employ a combination of commercial and custom rules in order to make certain that ModSecurity shall stop as many threats as possible, thus enhancing the protection of your web apps as much as possible.
ModSecurity in Dedicated Servers
ModSecurity is provided with all dedicated servers
which are set up with our Hepsia Control Panel and you won't need to do anything specific on your end to use it because it's switched on by default every time you add a new domain or subdomain on your hosting server. If it interferes with some of your programs, you'll be able to stop it via the respective area of Hepsia, or you may leave it in passive mode, so it will detect attacks and shall still maintain a log for them, but won't block them. You'll be able to analyze the logs later to determine what you can do to increase the protection of your sites since you will find information such as where an intrusion attempt came from, what Internet site was attacked and based on what rule ModSecurity reacted, and so on. The rules that we use are commercial, thus they are frequently updated by a security provider, but to be on the safe side, our staff also include custom rules from time to time in order to respond to any new threats they have discovered.