ModSecurity
Learn what ModSecurity is, how it functions and what exactly it does to protect your websites and apps.
ModSecurity is a highly effective firewall for Apache web servers which is employed to prevent attacks towards web applications. It monitors the HTTP traffic to a given website in real time and blocks any intrusion attempts as soon as it identifies them. The firewall uses a set of rules to do this - as an illustration, attempting to log in to a script administration area unsuccessfully many times activates one rule, sending a request to execute a particular file that may result in gaining access to the website triggers a different rule, and so on. ModSecurity is among the best firewalls around and it will secure even scripts that are not updated frequently as it can prevent attackers from using known exploits and security holes. Very comprehensive data about each intrusion attempt is recorded and the logs the firewall keeps are considerably more specific than the standard logs created by the Apache server, so you may later examine them and determine if you need to take additional measures so as to enhance the security of your script-driven sites.
-
ModSecurity in Website Hosting
ModSecurity comes standard with all
website hosting solutions which we offer and it shall be activated automatically for any domain or subdomain that you add/create within your Hepsia hosting Control Panel. The firewall has 3 different modes, so you could switch on and deactivate it with only a click or set it to detection mode, so it will maintain a log of all attacks, but it will not do anything to prevent them. The log for any of your Internet sites shall feature detailed information such as the nature of the attack, where it originated from, what action was taken by ModSecurity, and so forth. The firewall rules which we use are frequently updated and include both commercial ones which we get from a third-party security firm and custom ones that our system administrators add in case that they detect a new kind of attacks. This way, the websites that you host here shall be much more protected without any action needed on your end.
-
ModSecurity in Semi-dedicated Servers
All
semi-dedicated server plans which we offer come with ModSecurity and given that the firewall is enabled by default, any Internet site that you create under a domain or a subdomain will be protected right away. An individual section in the Hepsia Control Panel which comes with the semi-dedicated accounts is dedicated to ModSecurity and it will enable you to stop and start the firewall for any Internet site or switch on a detection mode. With the last mentioned, ModSecurity won't take any action, but it shall still recognize possible attacks and will keep all info inside a log as if it were fully active. The logs can be found in the very same section of the CP and they feature info about the IP where an attack originated from, what its nature was, what rule ModSecurity applies to identify and stop it, and so on. The security rules we employ on our servers are a mix between commercial ones from a security business and custom ones created by our system administrators. Consequently, we provide increased security for your web programs as we can protect them from attacks before security businesses release updates for brand new threats.
-
ModSecurity in VPS Servers
ModSecurity is pre-installed on all
VPS servers which are offered with the Hepsia hosting Control Panel, so your web applications shall be protected from the moment your server is in a position. The firewall is activated by default for any domain or subdomain on the VPS, but if necessary, you'll be able to deactivate it with a click of your mouse via the corresponding section of Hepsia. You could also set it to operate in detection mode, so it shall keep a detailed log of any possible attacks without taking any action to stop them. The logs are available inside the same section and offer information about the nature of the attack, what IP address it came from and what ModSecurity rule was activated to stop it. For best security, we use not simply commercial rules from a firm operating in the field of web security, but also custom ones which our admins add manually so as to respond to new risks that are still not addressed in the commercial rules.
-
ModSecurity in Dedicated Servers
ModSecurity is offered by default with all
dedicated servers which are set up with the Hepsia CP and is set to “Active” automatically for any domain that you host or subdomain that you create on the hosting server. Just in case that a web app does not function adequately, you may either disable the firewall or set it to operate in passive mode. The second means that ModSecurity shall maintain a log of any potential attack which might occur, but shall not take any action to prevent it. The logs created in passive or active mode will give you more details about the exact file that was attacked, the type of the attack and the IP address it originated from, etc. This data will allow you to determine what measures you can take to boost the protection of your websites, for instance blocking IPs or carrying out script and plugin updates. The ModSecurity rules that we employ are updated frequently with a commercial package from a third-party security enterprise we work with, but occasionally our staff include their own rules too in the event that they identify a new potential threat.