Find out what ModSecurity is, how it works and what exactly it does so as to protect your websites and applications.
ModSecurity is an efficient firewall for Apache web servers that is used to prevent attacks towards web apps. It keeps track of the HTTP traffic to a certain site in real time and prevents any intrusion attempts as soon as it discovers them. The firewall relies on a set of rules to do this - as an illustration, attempting to log in to a script admin area unsuccessfully several times sets off one rule, sending a request to execute a certain file which could result in getting access to the website triggers another rule, and so on. ModSecurity is one of the best firewalls out there and it'll protect even scripts that are not updated often as it can prevent attackers from employing known exploits and security holes. Very thorough information about each and every intrusion attempt is recorded and the logs the firewall maintains are considerably more specific than the conventional logs generated by the Apache server, so you can later take a look at them and decide whether you need to take extra measures so as to improve the security of your script-driven websites.
ModSecurity in Shared Website Hosting
We provide ModSecurity with all shared website hosting
packages, so your web applications shall be protected against malicious attacks. The firewall is activated by default for all domains and subdomains, but if you'd like, you will be able to stop it using the respective section of your Hepsia CP. You'll be able to also activate a detection mode, so ModSecurity shall keep a log as intended, but won't take any action. The logs which you'll find inside Hepsia are incredibly detailed and offer information about the nature of any attack, when it occurred and from what IP address, the firewall rule which was triggered, etcetera. We employ a set of commercial rules which are frequently updated, but sometimes our administrators add custom rules as well so as to better protect the sites hosted on our machines.
ModSecurity in Semi-dedicated Servers
All semi-dedicated server
solutions that we offer feature ModSecurity and given that the firewall is turned on by default, any website which you create under a domain or a subdomain shall be secured right away. A separate section within the Hepsia Control Panel which comes with the semi-dedicated accounts is dedicated to ModSecurity and it'll enable you to start and stop the firewall for any Internet site or enable a detection mode. With the last option, ModSecurity will not take any action, but it shall still detect possible attacks and shall keep all info in a log as if it were fully active. The logs could be found within the same section of the Control Panel and they feature information regarding the IP where an attack came from, what its nature was, what rule ModSecurity applies to identify and stop it, etcetera. The security rules which we use on our web servers are a mix between commercial ones from a security firm and custom ones created by our system admins. For that reason, we offer greater security for your web applications as we can shield them from attacks before security businesses release updates for new threats.
ModSecurity in VPS Servers
All VPS servers
which are set up with the Hepsia CP include ModSecurity. The firewall is installed and activated by default for all domains that are hosted on the server, so there shall not be anything special which you will have to do to protect your websites. It will take you only a click to stop ModSecurity if necessary or to activate its passive mode so that it records what happens without taking any measures to prevent intrusions. You'll be able to view the logs produced in passive or active mode via the corresponding section of Hepsia and find out more about the type of the attack, where it originated from, what rule the firewall used to handle it, and so forth. We employ a mix of commercial and custom rules so as to make certain that ModSecurity will stop as many risks as possible, therefore increasing the security of your web applications as much as possible.
ModSecurity in Dedicated Servers
ModSecurity is included with all dedicated servers
that are set up with our Hepsia CP and you'll not have to do anything specific on your end to employ it since it is activated by default each time you add a new domain or subdomain on your server. In the event that it disrupts any of your applications, you will be able to stop it via the respective part of Hepsia, or you may leave it operating in passive mode, so it will recognize attacks and shall still keep a log for them, but will not stop them. You could analyze the logs later to learn what you can do to enhance the security of your sites as you will find details such as where an intrusion attempt came from, what website was attacked and based upon what rule ModSecurity responded, and so forth. The rules we use are commercial, therefore they're constantly updated by a security provider, but to be on the safe side, our administrators also add custom rules from time to time in order to deal with any new threats they have found.