ModSecurity is a plugin for Apache web servers which acts as a web app layer firewall. It is employed to prevent attacks towards script-driven sites by employing security rules that contain particular expressions. That way, the firewall can prevent hacking and spamming attempts and shield even sites that are not updated often. For instance, numerous unsuccessful login attempts to a script administrator area or attempts to execute a particular file with the objective to get access to the script will trigger particular rules, so ModSecurity will block these activities the instant it identifies them. The firewall is quite efficient as it monitors the whole HTTP traffic to a website in real time without slowing it down, so it will be able to stop an attack before any harm is done. It also keeps a very detailed log of all attack attempts which features more info than standard Apache logs, so you could later check out the data and take extra measures to improve the security of your sites if required.
ModSecurity in Website Hosting
ModSecurity is supplied with all website hosting servers, so when you opt to host your Internet sites with our organization, they shall be protected against an array of attacks. The firewall is enabled as standard for all domains and subdomains, so there'll be nothing you'll have to do on your end. You will be able to stop ModSecurity for any Internet site if necessary, or to switch on a detection mode, so that all activity shall be recorded, but the firewall shall not take any real action. You'll be able to view specific logs from your Hepsia Control Panel including the IP address where the attack originated from, what the attacker wished to do and how ModSecurity dealt with the threat. As we take the security of our customers' websites seriously, we employ a set of commercial rules which we take from one of the leading firms that maintain such rules. Our administrators also add custom rules to make sure that your sites will be protected against as many risks as possible.
ModSecurity in Semi-dedicated Servers
ModSecurity is part of our semi-dedicated server plans and if you opt to host your websites with our company, there won't be anything special you'll have to do since the firewall is turned on by default for all domains and subdomains which you include using your hosting CP. If necessary, you could disable ModSecurity for a certain website or switch on the so-called detection mode in which case the firewall will still function and record info, but won't do anything to prevent potential attacks on your Internet sites. In depth logs shall be available within your Control Panel and you'll be able to see which kind of attacks took place, what security rules were triggered and how the firewall handled the threats, what IP addresses the attacks originated from, and so forth. We employ 2 sorts of rules on our servers - commercial ones from a company that operates in the field of web security, and custom made ones which our administrators sometimes include to respond to newly discovered risks promptly.
ModSecurity in Dedicated Servers
ModSecurity is available by default with all dedicated servers that are set up with the Hepsia Control Panel and is set to “Active” automatically for any domain you host or subdomain that you create on the hosting server. Just in case that a web application doesn't operate adequately, you can either disable the firewall or set it to work in passive mode. The latter means that ModSecurity will maintain a log of any possible attack that could take place, but won't take any action to prevent it. The logs produced in passive or active mode shall offer you additional details about the exact file that was attacked, the type of the attack and the IP address it originated from, and so on. This info shall permit you to determine what steps you can take to improve the protection of your Internet sites, for instance blocking IPs or performing script and plugin updates. The ModSecurity rules that we use are updated frequently with a commercial bundle from a third-party security firm we work with, but oftentimes our administrators include their own rules as well when they discover a new potential threat.