ModSecurity is a plugin for Apache web servers that acts as a web application layer firewall. It's used to stop attacks toward script-driven websites through the use of security rules which contain specific expressions. That way, the firewall can block hacking and spamming attempts and protect even Internet sites that are not updated frequently. As an example, multiple failed login attempts to a script administrative area or attempts to execute a particular file with the purpose to get access to the script shall trigger particular rules, so ModSecurity will block these activities the second it detects them. The firewall is extremely efficient as it screens the whole HTTP traffic to a website in real time without slowing it down, so it can prevent an attack before any harm is done. It furthermore keeps an incredibly comprehensive log of all attack attempts which features more information than standard Apache logs, so you can later analyze the data and take additional measures to increase the security of your sites if needed.
ModSecurity in Web Hosting
ModSecurity can be found with each and every web hosting plan that we provide and it is activated by default for any domain or subdomain that you add through your Hepsia CP. In case it disrupts any of your applications or you'd like to disable it for whatever reason, you will be able to do that through the ModSecurity area of Hepsia with just a click. You can also activate a passive mode, so the firewall will recognize possible attacks and maintain a log, but shall not take any action. You'll be able to view comprehensive logs in the same section, including the IP where the attack originated from, what exactly the attacker attempted to do and at what time, what ModSecurity did, and so forth. For optimum protection of our customers we use a collection of commercial firewall rules mixed with custom ones that are added by our system admins.
ModSecurity in Semi-dedicated Servers
All semi-dedicated server packages that we offer feature ModSecurity and because the firewall is enabled by default, any site you create under a domain or a subdomain will be protected straight away. An individual section in the Hepsia Control Panel that comes with the semi-dedicated accounts is dedicated to ModSecurity and it will enable you to stop and start the firewall for any site or enable a detection mode. With the latter, ModSecurity shall not take any action, but it shall still recognize possible attacks and will keep all data inside a log as if it were completely active. The logs can be found inside the exact same section of the Control Panel and they feature information regarding the IP where an attack came from, what its nature was, what rule ModSecurity applies to identify and stop it, and so on. The security rules we use on our web servers are a mix between commercial ones from a security business and custom ones made by our system admins. As a result, we offer increased security for your web programs as we can protect them from attacks even before security corporations release updates for brand new threats.
ModSecurity in Dedicated Servers
ModSecurity is offered as standard with all dedicated servers which are set up with the Hepsia CP and is set to “Active” automatically for any domain which you host or subdomain you create on the hosting server. Just in case that a web application does not function properly, you may either switch off the firewall or set it to operate in passive mode. The second means that ModSecurity shall keep a log of any possible attack that may happen, but shall not take any action to prevent it. The logs created in passive or active mode will offer you additional details about the exact file which was attacked, the nature of the attack and the IP it originated from, etc. This information shall permit you to decide what measures you can take to improve the protection of your websites, for instance blocking IPs or carrying out script and plugin updates. The ModSecurity rules which we use are updated frequently with a commercial pack from a third-party security provider we work with, but occasionally our admins include their own rules as well in case they identify a new potential threat.