Learn what ModSecurity actually is, what it does and what actually it does to protect your web sites and applications.
ModSecurity is a highly effective firewall for Apache web servers that is employed to prevent attacks toward web applications. It tracks the HTTP traffic to a given website in real time and stops any intrusion attempts as soon as it discovers them. The firewall uses a set of rules to do this - as an example, attempting to log in to a script admin area without success a few times sets off one rule, sending a request to execute a certain file which may result in accessing the website triggers a different rule, etcetera. ModSecurity is one of the best firewalls available and it will preserve even scripts which aren't updated often since it can prevent attackers from employing known exploits and security holes. Very comprehensive data about every intrusion attempt is recorded and the logs the firewall keeps are far more specific than the standard logs created by the Apache server, so you may later examine them and decide if you need to take more measures so as to boost the safety of your script-driven websites.
ModSecurity in Cloud Website Hosting
ModSecurity is available with each cloud website hosting
package which we offer and it is switched on by default for any domain or subdomain which you include through your Hepsia CP. In case it interferes with any of your applications or you'd like to disable it for any reason, you shall be able to do that through the ModSecurity area of Hepsia with just a mouse click. You may also enable a passive mode, so the firewall will recognize possible attacks and maintain a log, but won't take any action. You'll be able to view comprehensive logs in the same section, including the IP where the attack came from, what precisely the attacker attempted to do and at what time, what ModSecurity did, and so forth. For maximum protection of our customers we use a set of commercial firewall rules blended with custom ones which are added by our system admins.
ModSecurity in Semi-dedicated Servers
We have incorporated ModSecurity as a standard in all semi-dedicated server
plans, so your web apps shall be protected as soon as you set them up under any domain or subdomain. The Hepsia CP which is included with the semi-dedicated accounts will allow you to activate or disable the firewall for any Internet site with a click. You shall also be able to switch on a passive detection mode with which ModSecurity will keep a log of possible attacks without really stopping them. The detailed logs include the nature of the attack and what ModSecurity response this attack triggered, where it originated from, etcetera. The list of rules we employ is constantly updated in order to match any new threats which could appear on the Internet and it comes with both commercial rules that we get from a security company and custom-written ones which our admins add in case they discover a threat that's not present in the commercial list yet.
ModSecurity in VPS Servers
Protection is extremely important to us, so we install ModSecurity on all VPS servers
which are set up with the Hepsia Control Panel by default. The firewall can be managed via a dedicated section inside Hepsia and is switched on automatically when you add a new domain or generate a subdomain, so you'll not have to do anything personally. You shall also be able to disable it or switch on the so-called detection mode, so it shall keep a log of potential attacks which you can later analyze, but won't stop them. The logs in both passive and active modes contain info regarding the form of the attack and how it was eliminated, what IP address it originated from and other important information which could help you to tighten the security of your websites by updating them or blocking IPs, for instance. Beyond the commercial rules which we get for ModSecurity from a third-party security company, we also implement our own rules because every now and then we identify specific attacks that aren't yet present within the commercial pack. That way, we can easily improve the security of your Virtual private server in a timely manner instead of waiting for a certified update.
ModSecurity in Dedicated Servers
ModSecurity is included with all dedicated servers
which are set up with our Hepsia CP and you'll not need to do anything specific on your end to employ it as it's turned on by default every time you add a new domain or subdomain on your web server. In the event that it interferes with some of your apps, you shall be able to stop it through the respective area of Hepsia, or you can leave it working in passive mode, so it'll detect attacks and shall still keep a log for them, but shall not block them. You'll be able to analyze the logs later to learn what you can do to increase the safety of your websites as you will find details such as where an intrusion attempt originated from, what site was attacked and based on what rule ModSecurity responded, etcetera. The rules that we use are commercial, thus they are frequently updated by a security provider, but to be on the safe side, our admins also include custom rules every now and then as to respond to any new threats they have found.