ModSecurity is a plugin for Apache web servers which acts as a web app layer firewall. It is employed to stop attacks toward script-driven Internet sites through the use of security rules that contain particular expressions. This way, the firewall can prevent hacking and spamming attempts and preserve even sites which aren't updated regularly. For example, multiple unsuccessful login attempts to a script administrative area or attempts to execute a specific file with the objective to get access to the script will trigger certain rules, so ModSecurity will block out these activities the moment it discovers them. The firewall is incredibly efficient because it screens the entire HTTP traffic to an Internet site in real time without slowing it down, so it will be able to prevent an attack before any harm is done. It also keeps an incredibly thorough log of all attack attempts which includes more info than conventional Apache logs, so you can later examine the data and take further measures to boost the security of your Internet sites if necessary.
ModSecurity in Cloud Web Hosting
ModSecurity is offered with every single cloud web hosting plan which we offer and it is switched on by default for any domain or subdomain which you include via your Hepsia CP. If it disrupts any of your programs or you would like to disable it for some reason, you'll be able to achieve that through the ModSecurity area of Hepsia with only a click. You could also use a passive mode, so the firewall will identify potential attacks and maintain a log, but shall not take any action. You can view detailed logs in the same section, including the IP where the attack originated from, exactly what the attacker tried to do and at what time, what ModSecurity did, etc. For maximum safety of our customers we use a set of commercial firewall rules blended with custom ones that are included by our system admins.
ModSecurity in Semi-dedicated Servers
Any web application you set up within your new semi-dedicated server account will be protected by ModSecurity since the firewall is provided with all our hosting solutions and is turned on by default for any domain and subdomain you add or create through your Hepsia hosting Control Panel. You will be able to manage ModSecurity through a dedicated section within Hepsia where not only could you activate or deactivate it fully, but you may also switch on a passive mode, so the firewall shall not block anything, but it shall still keep a record of potential attacks. This takes only a click and you shall be able to view the logs no matter if ModSecurity is in active or passive mode through the same section - what the attack was and where it originated from, how it was dealt with, etcetera. The firewall uses two sets of rules on our web servers - a commercial one that we get from a third-party web security firm and a custom one which our admins update personally in order to respond to recently discovered risks as fast as possible.
ModSecurity in VPS Servers
All VPS servers that are offered with the Hepsia Control Panel include ModSecurity. The firewall is installed and switched on by default for all domains that are hosted on the machine, so there will not be anything special that you will have to do to protect your sites. It shall take you just a click to stop ModSecurity if required or to switch on its passive mode so that it records what goes on without taking any steps to stop intrusions. You shall be able to view the logs generated in passive or active mode via the corresponding section of Hepsia and learn more about the type of the attack, where it came from, what rule the firewall used to handle it, and so forth. We use a mixture of commercial and custom rules so as to make certain that ModSecurity shall prevent as many risks as possible, consequently boosting the protection of your web apps as much as possible.
ModSecurity in Dedicated Servers
ModSecurity is provided with all dedicated servers which are integrated with our Hepsia Control Panel and you'll not have to do anything specific on your end to employ it because it's turned on by default each time you add a new domain or subdomain on your server. In the event that it disrupts any of your apps, you will be able to stop it through the respective section of Hepsia, or you can leave it working in passive mode, so it shall detect attacks and will still keep a log for them, but shall not block them. You may look at the logs later to find out what you can do to boost the protection of your websites since you will find information such as where an intrusion attempt came from, what Internet site was attacked and in accordance with what rule ModSecurity responded, and so forth. The rules which we use are commercial, thus they're frequently updated by a security provider, but to be on the safe side, our admins also include custom rules once in a while as to respond to any new threats they have discovered.