ModSecurity is a powerful firewall for Apache web servers that's employed to stop attacks toward web apps. It monitors the HTTP traffic to a given website in real time and stops any intrusion attempts the instant it detects them. The firewall relies on a set of rules to do that - for example, trying to log in to a script administrator area unsuccessfully several times triggers one rule, sending a request to execute a specific file that may result in accessing the website triggers another rule, and so forth. ModSecurity is one of the best firewalls available on the market and it will protect even scripts which are not updated on a regular basis as it can prevent attackers from using known exploits and security holes. Incredibly thorough data about each intrusion attempt is recorded and the logs the firewall keeps are far more detailed than the conventional logs provided by the Apache server, so you can later analyze them and decide whether you need to take more measures in order to increase the safety of your script-driven Internet sites.
ModSecurity in Shared Hosting
We provide ModSecurity with all shared hosting solutions, so your web apps will be shielded from destructive attacks. The firewall is turned on as standard for all domains and subdomains, but if you'd like, you shall be able to stop it through the respective part of your Hepsia CP. You could also switch on a detection mode, so ModSecurity shall keep a log as intended, but won't take any action. The logs that you shall find in Hepsia are extremely detailed and feature information about the nature of any attack, when it took place and from what IP address, the firewall rule which was triggered, etc. We use a group of commercial rules that are regularly updated, but sometimes our admins add custom rules as well in order to efficiently protect the sites hosted on our machines.
ModSecurity in Semi-dedicated Servers
ModSecurity is a part of our semi-dedicated server packages and if you choose to host your sites with our company, there will not be anything special you will have to do as the firewall is switched on by default for all domains and subdomains that you include via your hosting CP. If needed, you could disable ModSecurity for a certain Internet site or turn on the so-called detection mode in which case the firewall will still operate and record data, but shall not do anything to prevent possible attacks against your Internet sites. In depth logs will be available in your CP and you'll be able to see which kind of attacks happened, what security rules were triggered and how the firewall handled the threats, what IP addresses the attacks came from, and so on. We employ 2 sorts of rules on our servers - commercial ones from a business which operates in the field of web security, and custom ones that our admins sometimes include to respond to newly found risks on time.
ModSecurity in Dedicated Servers
ModSecurity is available as standard with all dedicated servers that are set up with the Hepsia Control Panel and is set to “Active” automatically for any domain you host or subdomain which you create on the server. In case that a web app does not operate properly, you could either switch off the firewall or set it to work in passive mode. The second means that ModSecurity shall maintain a log of any possible attack which could take place, but will not take any action to prevent it. The logs generated in active or passive mode will give you additional details about the exact file that was attacked, the form of the attack and the IP it came from, and so on. This information will enable you to determine what measures you can take to improve the protection of your websites, such as blocking IPs or carrying out script and plugin updates. The ModSecurity rules we use are updated often with a commercial bundle from a third-party security enterprise we work with, but from time to time our admins include their own rules too in the event that they discover a new potential threat.