Find out what ModSecurity actually is, the way it works and what actually it can do to defend your web sites and applications.
ModSecurity is a powerful web application layer firewall for Apache web servers. It monitors the whole HTTP traffic to a website without affecting its operation and in case it discovers an intrusion attempt, it prevents it. The firewall additionally maintains a more detailed log for the website visitors than any web server does, so you will be able to monitor what is going on with your websites a lot better than if you rely simply on standard logs. ModSecurity uses security rules based on which it stops attacks. For example, it detects if somebody is attempting to log in to the admin area of a specific script several times or if a request is sent to execute a file with a particular command. In such cases these attempts trigger the corresponding rules and the firewall program blocks the attempts immediately, then records detailed details about them inside its logs. ModSecurity is among the very best software firewalls out there and it can protect your web apps against many threats and vulnerabilities, especially if you don’t update them or their plugins regularly.
ModSecurity in Hosting
We offer ModSecurity with all hosting
solutions, so your Internet applications shall be protected against malicious attacks. The firewall is turned on by default for all domains and subdomains, but in case you would like, you shall be able to stop it through the respective part of your Hepsia CP. You could also switch on a detection mode, so ModSecurity will keep a log as intended, but shall not take any action. The logs that you shall discover inside Hepsia are extremely detailed and offer info about the nature of any attack, when it took place and from what IP address, the firewall rule which was triggered, etc. We use a range of commercial rules which are frequently updated, but sometimes our admins include custom rules as well so as to better protect the Internet sites hosted on our servers.
ModSecurity in Semi-dedicated Servers
Any web application you install within your new semi-dedicated server
account will be protected by ModSecurity because the firewall is provided with all our hosting plans and is switched on by default for any domain and subdomain which you include or create using your Hepsia hosting Control Panel. You'll be able to manage ModSecurity through a dedicated section within Hepsia where not simply can you activate or deactivate it fully, but you could also activate a passive mode, so the firewall will not block anything, but it will still keep a record of potential attacks. This normally requires simply a mouse click and you'll be able to view the logs regardless of if ModSecurity is in active or passive mode through the same section - what the attack was and where it originated from, how it was taken care of, and so forth. The firewall employs 2 groups of rules on our machines - a commercial one that we get from a third-party web security firm and a custom one which our admins update manually in order to respond to newly discovered risks immediately.
ModSecurity in VPS Servers
ModSecurity comes with all Hepsia-based VPS servers
we offer and it shall be activated automatically for any new domain or subdomain you add on the machine. In this way, any web application that you install shall be secured from the very beginning without doing anything by hand on your end. The firewall could be handled via the section of the CP that bears the same name. This is the area whereyou'll be able to turn off ModSecurity or enable its passive mode, so it will not take any action against threats, but will still maintain a thorough log. The recorded data is available in the same section as well and you shall be able to see what IPs any attacks originated from so that you can stop them, what the nature of the attempted attacks was and in accordance with what security rules ModSecurity reacted. The rules we use on our servers are a combination between commercial ones that we get from a security company and custom ones which are added by our administrators to optimize the security of any web applications hosted on our end.
ModSecurity in Dedicated Servers
ModSecurity is provided as standard with all dedicated servers
which are set up with the Hepsia CP and is set to “Active” automatically for any domain you host or subdomain which you create on the hosting server. Just in case that a web application doesn't function properly, you may either switch off the firewall or set it to operate in passive mode. The second means that ModSecurity will keep a log of any possible attack that might happen, but will not take any action to prevent it. The logs produced in passive or active mode shall provide you with additional details about the exact file which was attacked, the nature of the attack and the IP address it originated from, and so forth. This info will enable you to choose what measures you can take to improve the security of your Internet sites, for instance blocking IPs or performing script and plugin updates. The ModSecurity rules we employ are updated regularly with a commercial pack from a third-party security company we work with, but from time to time our administrators add their own rules too if they identify a new potential threat.