ModSecurity is a plugin for Apache web servers which acts as a web application layer firewall. It is employed to stop attacks against script-driven Internet sites through the use of security rules which contain particular expressions. This way, the firewall can block hacking and spamming attempts and protect even sites that aren't updated regularly. For instance, multiple unsuccessful login attempts to a script admin area or attempts to execute a specific file with the objective to get access to the script will trigger specific rules, so ModSecurity will stop these activities the minute it discovers them. The firewall is incredibly efficient because it tracks the whole HTTP traffic to a website in real time without slowing it down, so it can prevent an attack before any harm is done. It also keeps an incredibly comprehensive log of all attack attempts which contains more information than standard Apache logs, so you could later examine the data and take extra measures to enhance the security of your sites if needed.
ModSecurity in Shared Hosting
ModSecurity is offered with each shared hosting solution which we provide and it's switched on by default for any domain or subdomain that you include through your Hepsia CP. In the event that it interferes with any of your applications or you would like to disable it for some reason, you will be able to do that through the ModSecurity area of Hepsia with simply a click. You can also enable a passive mode, so the firewall will detect potential attacks and keep a log, but shall not take any action. You'll be able to view comprehensive logs in the very same section, including the IP address where the attack came from, what exactly the attacker aimed to do and at what time, what ModSecurity did, and so on. For optimum safety of our customers we use a collection of commercial firewall rules combined with custom ones which are provided by our system administrators.
ModSecurity in Semi-dedicated Servers
Any web app you install inside your new semi-dedicated server account will be protected by ModSecurity because the firewall is provided with all our hosting packages and is activated by default for any domain and subdomain that you include or create via your Hepsia hosting Control Panel. You shall be able to manage ModSecurity via a dedicated area within Hepsia where not simply could you activate or deactivate it fully, but you could also enable a passive mode, so the firewall will not block anything, but it shall still keep a record of possible attacks. This takes simply a click and you'll be able to see the logs no matter if ModSecurity is in passive or active mode through the same section - what the attack was and where it originated from, how it was handled, and so forth. The firewall uses two groups of rules on our servers - a commercial one which we get from a third-party web security provider and a custom one which our admins update manually as to respond to newly discovered threats as quickly as possible.
ModSecurity in Dedicated Servers
ModSecurity is offered as standard with all dedicated servers which are set up with the Hepsia Control Panel and is set to “Active” automatically for any domain you host or subdomain you create on the hosting server. In the event that a web app doesn't work properly, you may either switch off the firewall or set it to function in passive mode. The second means that ModSecurity shall keep a log of any potential attack which might take place, but will not take any action to stop it. The logs generated in active or passive mode will provide you with more details about the exact file that was attacked, the form of the attack and the IP it originated from, etcetera. This information will allow you to determine what measures you can take to improve the protection of your Internet sites, for instance blocking IPs or performing script and plugin updates. The ModSecurity rules that we employ are updated regularly with a commercial bundle from a third-party security provider we work with, but from time to time our admins add their own rules also if they discover a new potential threat.