Find out what ModSecurity is in fact, the way it works and just what exactly it can do to defend your sites and applications.
ModSecurity is a plugin for Apache web servers which acts as a web application layer firewall. It is employed to stop attacks against script-driven websites by employing security rules that contain particular expressions. In this way, the firewall can block hacking and spamming attempts and preserve even Internet sites that aren't updated on a regular basis. For example, a number of failed login attempts to a script administrative area or attempts to execute a specific file with the objective to get access to the script will trigger particular rules, so ModSecurity shall block out these activities the second it identifies them. The firewall is incredibly efficient because it screens the whole HTTP traffic to a website in real time without slowing it down, so it can easily stop an attack before any harm is done. It also maintains an incredibly comprehensive log of all attack attempts that includes more info than traditional Apache logs, so you can later analyze the data and take additional measures to enhance the security of your sites if necessary.
ModSecurity in Shared Hosting
ModSecurity is available with every single shared hosting
plan which we provide and it's activated by default for every domain or subdomain that you include via your Hepsia CP. In the event that it disrupts any of your programs or you would like to disable it for any reason, you'll be able to accomplish that through the ModSecurity section of Hepsia with merely a click. You can also activate a passive mode, so the firewall will recognize potential attacks and maintain a log, but won't take any action. You'll be able to see comprehensive logs in the very same section, including the IP address where the attack originated from, what precisely the attacker aimed to do and at what time, what ModSecurity did, etc. For maximum security of our clients we use a group of commercial firewall rules blended with custom ones that are included by our system administrators.
ModSecurity in Semi-dedicated Servers
ModSecurity is part of our semi-dedicated server
plans and if you choose to host your sites with our company, there will not be anything special you'll have to do since the firewall is switched on by default for all domains and subdomains which you add through your hosting CP. If required, you'll be able to disable ModSecurity for a given site or switch on the so-called detection mode in which case the firewall will still work and record data, but won't do anything to prevent possible attacks against your Internet sites. In depth logs shall be available inside your Control Panel and you shall be able to see what type of attacks occurred, what security rules were triggered and how the firewall dealt with the threats, what IP addresses the attacks originated from, etc. We use two types of rules on our servers - commercial ones from a firm which operates in the field of web security, and custom made ones which our admins often add to respond to newly identified threats on time.
ModSecurity in VPS Servers
ModSecurity is included with all Hepsia-based VPS servers
we offer and it will be turned on automatically for any new domain or subdomain you include on the web server. That way, any web application which you install will be secured right from the start without doing anything manually on your end. The firewall may be handled from the section of the Control Panel that bears the same name. This is the location whereyou'll be able to disable ModSecurity or let its passive mode, so it won't take any action toward threats, but shall still maintain a comprehensive log. The recorded data is available in the same area as well and you shall be able to see what IPs any attacks came from to enable you to stop them, what the nature of the attempted attacks was and based upon what security rules ModSecurity reacted. The rules that we use on our servers are a mix between commercial ones which we obtain from a security organization and custom ones that are included by our staff to optimize the protection of any web apps hosted on our end.
ModSecurity in Dedicated Servers
ModSecurity is available by default with all dedicated servers
which are set up with the Hepsia Control Panel and is set to “Active” automatically for any domain which you host or subdomain that you create on the hosting server. In case that a web application doesn't work adequately, you can either switch off the firewall or set it to operate in passive mode. The second means that ModSecurity shall maintain a log of any potential attack which may take place, but will not take any action to stop it. The logs produced in passive or active mode shall give you additional details about the exact file which was attacked, the form of the attack and the IP it came from, and so on. This data will enable you to determine what actions you can take to boost the protection of your websites, including blocking IPs or carrying out script and plugin updates. The ModSecurity rules we employ are updated often with a commercial pack from a third-party security provider we work with, but sometimes our admins include their own rules too in case they come across a new potential threat.