Find out what ModSecurity actually is, how it operates and precisely what it can do to shield your websites and applications.
ModSecurity is a highly effective firewall for Apache web servers that's employed to prevent attacks towards web applications. It tracks the HTTP traffic to a specific Internet site in real time and prevents any intrusion attempts the moment it detects them. The firewall uses a set of rules to do this - as an example, attempting to log in to a script administrator area without success several times triggers one rule, sending a request to execute a particular file which may result in gaining access to the Internet site triggers another rule, and so on. ModSecurity is amongst the best firewalls around and it will preserve even scripts that are not updated regularly as it can prevent attackers from using known exploits and security holes. Very thorough data about each and every intrusion attempt is recorded and the logs the firewall maintains are a lot more comprehensive than the standard logs provided by the Apache server, so you can later take a look at them and decide if you need to take additional measures in order to enhance the protection of your script-driven sites.
ModSecurity in Cloud Hosting
ModSecurity comes by default with all cloud hosting
plans which we provide and it shall be switched on automatically for any domain or subdomain that you add/create inside your Hepsia hosting CP. The firewall has 3 different modes, so you could switch on and disable it with a click or set it to detection mode, so it'll keep a log of all attacks, but it'll not do anything to stop them. The log for each of your sites shall contain comprehensive info including the nature of the attack, where it came from, what action was taken by ModSecurity, and so forth. The firewall rules that we use are frequently updated and incorporate both commercial ones which we get from a third-party security business and custom ones that our system admins include in case that they detect a new type of attacks. That way, the Internet sites which you host here shall be far more protected with no action needed on your end.
ModSecurity in Semi-dedicated Servers
We've integrated ModSecurity by default inside all semi-dedicated server
products, so your web apps will be protected whenever you install them under any domain or subdomain. The Hepsia CP which comes with the semi-dedicated accounts shall allow you to switch on or disable the firewall for any Internet site with a mouse click. You'll also have the ability to switch on a passive detection mode through which ModSecurity will maintain a log of possible attacks without actually preventing them. The detailed logs include things like the nature of the attack and what ModSecurity response that attack generated, where it originated from, and so forth. The list of rules that we use is frequently updated as to match any new risks which may appear on the Internet and it consists of both commercial rules that we get from a security company and custom-written ones that our administrators include in the event that they find a threat that's not present in the commercial list yet.
ModSecurity in VPS Servers
Safety is vital to us, so we install ModSecurity on all VPS servers
which are made available with the Hepsia Control Panel as a standard. The firewall can be managed through a dedicated section inside Hepsia and is switched on automatically when you add a new domain or create a subdomain, so you will not need to do anything by hand. You'll also be able to deactivate it or turn on the so-called detection mode, so it shall keep a log of possible attacks which you can later analyze, but will not stop them. The logs in both passive and active modes contain information about the type of the attack and how it was stopped, what IP address it originated from and other valuable data which could help you to tighten the security of your Internet sites by updating them or blocking IPs, as an example. Beyond the commercial rules we get for ModSecurity from a third-party security firm, we also use our own rules since every now and then we detect specific attacks which are not yet present within the commercial pack. This way, we can easily enhance the protection of your VPS in a timely manner instead of waiting for an official update.
ModSecurity in Dedicated Servers
ModSecurity is offered as standard with all dedicated servers
that are set up with the Hepsia CP and is set to “Active” automatically for any domain that you host or subdomain you create on the web server. In the event that a web application doesn't work adequately, you can either disable the firewall or set it to operate in passive mode. The second means that ModSecurity shall keep a log of any potential attack which may occur, but will not take any action to prevent it. The logs generated in passive or active mode will give you additional details about the exact file which was attacked, the type of the attack and the IP address it originated from, and so on. This data shall permit you to decide what actions you can take to enhance the protection of your websites, for instance blocking IPs or carrying out script and plugin updates. The ModSecurity rules that we employ are updated constantly with a commercial bundle from a third-party security provider we work with, but from time to time our admins include their own rules too if they come across a new potential threat.