ModSecurity is a plugin for Apache web servers which acts as a web app layer firewall. It is used to prevent attacks toward script-driven websites by using security rules which contain specific expressions. This way, the firewall can stop hacking and spamming attempts and preserve even sites that are not updated frequently. For example, a number of unsuccessful login attempts to a script administrator area or attempts to execute a particular file with the intention to get access to the script shall trigger certain rules, so ModSecurity will block these activities the minute it discovers them. The firewall is extremely efficient as it tracks the whole HTTP traffic to an Internet site in real time without slowing it down, so it could prevent an attack before any harm is done. It furthermore maintains a very comprehensive log of all attack attempts which features more info than traditional Apache logs, so you could later check out the data and take further measures to improve the security of your sites if needed.
ModSecurity in Cloud Website Hosting
ModSecurity comes by default with all cloud website hosting packages that we provide and it'll be turned on automatically for any domain or subdomain which you add/create in your Hepsia hosting Control Panel. The firewall has 3 different modes, so you could activate and disable it with just a click or set it to detection mode, so it will keep a log of all attacks, but it'll not do anything to stop them. The log for any of your websites will include elaborate info which includes the nature of the attack, where it originated from, what action was taken by ModSecurity, etcetera. The firewall rules we use are frequently updated and include both commercial ones we get from a third-party security business and custom ones that our system administrators add in case that they detect a new kind of attacks. In this way, the Internet sites you host here will be way more protected with no action expected on your end.
ModSecurity in Semi-dedicated Servers
Any web app that you set up in your new semi-dedicated server account will be protected by ModSecurity because the firewall comes with all our hosting plans and is turned on by default for any domain and subdomain that you add or create using your Hepsia hosting Control Panel. You will be able to manage ModSecurity through a dedicated section within Hepsia where not simply could you activate or deactivate it completely, but you may also enable a passive mode, so the firewall won't block anything, but it will still keep an archive of potential attacks. This requires simply a click and you shall be able to see the logs no matter if ModSecurity is in passive or active mode through the same section - what the attack was and where it came from, how it was addressed, and so on. The firewall employs 2 groups of rules on our web servers - a commercial one that we get from a third-party web security firm and a custom one which our admins update manually in order to respond to newly discovered risks as fast as possible.
ModSecurity in Dedicated Servers
ModSecurity is offered by default with all dedicated servers that are set up with the Hepsia Control Panel and is set to “Active” automatically for any domain you host or subdomain which you create on the server. In case that a web application doesn't operate correctly, you could either switch off the firewall or set it to work in passive mode. The second means that ModSecurity will maintain a log of any possible attack that may take place, but shall not take any action to prevent it. The logs generated in passive or active mode shall give you additional details about the exact file which was attacked, the form of the attack and the IP it came from, etc. This data will enable you to determine what measures you can take to boost the safety of your sites, such as blocking IPs or performing script and plugin updates. The ModSecurity rules which we use are updated frequently with a commercial bundle from a third-party security firm we work with, but from time to time our administrators add their own rules as well in case they find a new potential threat.