Discover what ModSecurity is, how it works and what exactly it does in order to protect your web sites and apps.
ModSecurity is a plugin for Apache web servers that acts as a web app layer firewall. It's employed to prevent attacks toward script-driven sites through the use of security rules that contain specific expressions. This way, the firewall can block hacking and spamming attempts and preserve even sites that aren't updated frequently. For instance, numerous failed login attempts to a script administrative area or attempts to execute a specific file with the intention to get access to the script will trigger specific rules, so ModSecurity shall stop these activities the moment it identifies them. The firewall is incredibly efficient since it tracks the whole HTTP traffic to an Internet site in real time without slowing it down, so it will be able to prevent an attack before any harm is done. It also maintains an incredibly thorough log of all attack attempts that features more information than standard Apache logs, so you can later analyze the data and take further measures to improve the security of your sites if needed.
ModSecurity in Shared Hosting
We provide ModSecurity with all shared hosting
packages, so your web applications shall be protected against malicious attacks. The firewall is turned on as standard for all domains and subdomains, but if you'd like, you'll be able to stop it using the respective section of your Hepsia Control Panel. You could also activate a detection mode, so ModSecurity will keep a log as intended, but won't take any action. The logs that you will discover within Hepsia are incredibly detailed and offer information about the nature of any attack, when it occurred and from what IP address, the firewall rule which was triggered, etc. We use a group of commercial rules which are constantly updated, but sometimes our administrators add custom rules as well in order to efficiently protect the sites hosted on our machines.
ModSecurity in Semi-dedicated Servers
We have incorporated ModSecurity as a standard inside all semi-dedicated server
plans, so your web applications will be protected the instant you install them under any domain or subdomain. The Hepsia Control Panel which is included with the semi-dedicated accounts will allow you to enable or turn off the firewall for any website with a mouse click. You'll also be able to switch on a passive detection mode with which ModSecurity shall keep a log of potential attacks without actually preventing them. The comprehensive logs include the nature of the attack and what ModSecurity response this attack triggered, where it came from, and so forth. The list of rules that we employ is regularly updated as to match any new threats which may appear on the Internet and it features both commercial rules that we get from a security firm and custom-written ones which our administrators add in case they find a threat that's not present inside the commercial list yet.
ModSecurity in VPS Servers
ModSecurity is pre-installed on all VPS servers
that are set up with the Hepsia hosting Control Panel, so your web applications shall be protected from the second your server is ready. The firewall is switched on by default for any domain or subdomain on the VPS, but if required, you can deactivate it with a click of your mouse via the corresponding section of Hepsia. You could also set it to work in detection mode, so it will keep an extensive log of any possible attacks without taking any action to stop them. The logs are available in the exact same section and include info about the nature of the attack, what IP address it came from and what ModSecurity rule was activated to stop it. For maximum security, we use not only commercial rules from a company operating in the field of web security, but also custom ones our administrators include personally in order to respond to new threats which are still not tackled in the commercial rules.
ModSecurity in Dedicated Servers
ModSecurity is included with all dedicated servers
that are integrated with our Hepsia CP and you won't need to do anything specific on your end to use it since it is enabled by default whenever you add a new domain or subdomain on your web server. In the event that it interferes with some of your programs, you'll be able to stop it via the respective area of Hepsia, or you could leave it in passive mode, so it shall identify attacks and will still maintain a log for them, but will not block them. You'll be able to analyze the logs later to determine what you can do to increase the security of your Internet sites since you'll find info such as where an intrusion attempt originated from, what site was attacked and in accordance with what rule ModSecurity reacted, etc. The rules that we employ are commercial, therefore they're frequently updated by a security provider, but to be on the safe side, our administrators also add custom rules once in a while as to respond to any new threats they have found.