ModSecurity is a powerful web application layer firewall for Apache web servers. It monitors the entire HTTP traffic to a website without affecting its operation and in case it identifies an intrusion attempt, it blocks it. The firewall furthermore keeps a more thorough log for the site visitors than any server does, so you shall be able to keep track of what is happening with your websites much better than if you rely simply on conventional logs. ModSecurity uses security rules based on which it prevents attacks. For instance, it detects whether somebody is trying to log in to the admin area of a specific script several times or if a request is sent to execute a file with a certain command. In these instances these attempts trigger the corresponding rules and the software blocks the attempts in real time, after that records detailed details about them inside its logs. ModSecurity is among the most effective software firewalls on the market and it can protect your web applications against a huge number of threats and vulnerabilities, especially if you don’t update them or their plugins regularly.
ModSecurity in Web Hosting
We provide ModSecurity with all web hosting
plans, so your web applications shall be resistant to destructive attacks. The firewall is switched on by default for all domains and subdomains, but in case you'd like, you will be able to stop it via the respective section of your Hepsia CP. You could also switch on a detection mode, so ModSecurity shall keep a log as intended, but will not take any action. The logs which you will find in Hepsia are very detailed and include info about the nature of any attack, when it happened and from what IP address, the firewall rule which was triggered, and so on. We employ a group of commercial rules which are regularly updated, but sometimes our admins add custom rules as well in order to efficiently protect the Internet sites hosted on our machines.
ModSecurity in Semi-dedicated Servers
We have incorporated ModSecurity as a standard inside all semi-dedicated server
packages, so your web apps will be protected whenever you install them under any domain or subdomain. The Hepsia Control Panel which comes with the semi-dedicated accounts will allow you to enable or disable the firewall for any website with a click. You'll also have the ability to activate a passive detection mode in which ModSecurity will keep a log of potential attacks without really stopping them. The detailed logs include things like the nature of the attack and what ModSecurity response that attack generated, where it came from, etc. The list of rules which we employ is constantly updated in order to match any new threats that could appear on the Internet and it consists of both commercial rules that we get from a security firm and custom-written ones that our admins add in case they discover a threat that is not present within the commercial list yet.
ModSecurity in VPS Servers
ModSecurity comes with all Hepsia-based VPS servers
which we offer and it shall be activated automatically for any new domain or subdomain which you add on the web server. That way, any web app that you install will be protected right from the start without doing anything personally on your end. The firewall can be managed via the section of the CP which bears the same name. This is the location in whichyou'll be able to disable ModSecurity or enable its passive mode, so it won't take any action against threats, but will still maintain a detailed log. The recorded information is available within the same area as well and you'll be able to see what IPs any attacks originated from so that you stop them, what the nature of the attempted attacks was and based on what security rules ModSecurity reacted. The rules that we employ on our servers are a blend between commercial ones we obtain from a security company and custom ones that are added by our admins to enhance the security of any web apps hosted on our end.
ModSecurity in Dedicated Servers
When you decide to host your Internet sites on a dedicated server
with the Hepsia CP, your web apps will be secured immediately since ModSecurity is supplied with all Hepsia-based plans. You will be able to control the firewall effortlessly and if required, you shall be able to turn it off or switch on its passive mode when it shall only keep a log of what's going on without taking any action to stop potential attacks. The logs that you will find within the same section of the Control Panel are incredibly detailed and feature data about the attacker IP, what website and file were attacked and in what way, what rule the firewall used to stop the intrusion, etc. This data will allow you to take measures and increase the protection of your websites even more. To be on the safe side, we use not only commercial rules, but also custom-made ones that our administrators add when they detect attacks which have not yet been included within the commercial pack.