Learn what ModSecurity is, how it works and what exactly it does to protect your web sites and apps.
ModSecurity is a powerful web app layer firewall for Apache web servers. It monitors the entire HTTP traffic to an Internet site without affecting its performance and in case it detects an intrusion attempt, it blocks it. The firewall also keeps a more thorough log for the traffic than any server does, so you will manage to monitor what's happening with your sites much better than if you rely merely on conventional logs. ModSecurity works with security rules based on which it helps prevent attacks. For instance, it recognizes if someone is trying to log in to the administration area of a particular script several times or if a request is sent to execute a file with a certain command. In these instances these attempts set off the corresponding rules and the software blocks the attempts right away, and then records comprehensive details about them in its logs. ModSecurity is among the best software firewalls available and it can protect your web apps against a huge number of threats and vulnerabilities, especially if you don’t update them or their plugins often.
ModSecurity in Cloud Web Hosting
We offer ModSecurity with all cloud web hosting
packages, so your Internet applications will be shielded from destructive attacks. The firewall is switched on as standard for all domains and subdomains, but in case you'd like, you will be able to stop it through the respective section of your Hepsia Control Panel. You could also switch on a detection mode, so ModSecurity will keep a log as intended, but shall not take any action. The logs that you will discover within Hepsia are extremely detailed and feature data about the nature of any attack, when it took place and from what IP address, the firewall rule that was triggered, etc. We employ a set of commercial rules which are frequently updated, but sometimes our admins add custom rules as well so as to efficiently protect the websites hosted on our servers.
ModSecurity in Semi-dedicated Hosting
All semi-dedicated hosting
plans that we offer include ModSecurity and because the firewall is enabled by default, any Internet site which you set up under a domain or a subdomain shall be protected right from the start. An individual section in the Hepsia Control Panel that comes with the semi-dedicated accounts is dedicated to ModSecurity and it'll permit you to stop and start the firewall for any Internet site or switch on a detection mode. With the last option, ModSecurity won't take any action, but it'll still recognize possible attacks and shall keep all data within a log as if it were completely active. The logs could be found in the same section of the CP and they feature details about the IP where an attack originated from, what its nature was, what rule ModSecurity applies to identify and stop it, and so on. The security rules we employ on our web servers are a mix of commercial ones from a security firm and custom ones created by our system administrators. Consequently, we offer higher security for your web applications as we can shield them from attacks before security companies release updates for brand new threats.
ModSecurity in VPS
Security is essential to us, so we set up ModSecurity on all virtual private servers
which are made available with the Hepsia Control Panel by default. The firewall can be managed through a dedicated section within Hepsia and is switched on automatically when you add a new domain or generate a subdomain, so you'll not need to do anything manually. You'll also be able to deactivate it or activate the so-called detection mode, so it will maintain a log of possible attacks you can later study, but shall not stop them. The logs in both passive and active modes contain details regarding the kind of the attack and how it was stopped, what IP it originated from and other important information that may help you to tighten the security of your Internet sites by updating them or blocking IPs, for instance. Beyond the commercial rules which we get for ModSecurity from a third-party security firm, we also employ our own rules because from time to time we find specific attacks which aren't yet present within the commercial group. This way, we can easily increase the security of your Virtual private server immediately rather than waiting for a certified update.
ModSecurity in Dedicated Hosting
ModSecurity is available by default with all dedicated servers
which are set up with the Hepsia CP and is set to “Active” automatically for any domain you host or subdomain that you create on the web server. In case that a web application doesn't function adequately, you can either switch off the firewall or set it to function in passive mode. The latter means that ModSecurity will maintain a log of any possible attack which may occur, but shall not take any action to prevent it. The logs produced in passive or active mode shall provide you with additional details about the exact file that was attacked, the nature of the attack and the IP address it originated from, etc. This info will enable you to decide what measures you can take to improve the protection of your Internet sites, such as blocking IPs or carrying out script and plugin updates. The ModSecurity rules we use are updated regularly with a commercial package from a third-party security firm we work with, but from time to time our staff include their own rules too in the event that they come across a new potential threat.