ModSecurity is a module for Apache web servers that functions as a web application firewall. It stops attacks against script-driven websites by applying security rules that match particular expressions. That way, the firewall can block hacking and spamming attempts and protect even websites that aren't updated on a regular basis. For instance, numerous unsuccessful login attempts to a script's admin area, or attempts to execute a certain file in order to gain access to the script, will trigger particular rules, and ModSecurity will block these activities the moment it detects them. The firewall is efficient because it inspects all HTTP traffic to a website in real time without slowing it down, so it can stop an attack before any harm is done. It also keeps a very detailed log of all attack attempts, containing more information than conventional Apache logs, so you can later examine the data and take further measures to improve the security of your websites if required.
ModSecurity in Website Hosting
ModSecurity is included with every website hosting plan that we offer and is activated by default for every domain or subdomain that you add through your Hepsia Control Panel. If it interferes with any of your applications, or you'd like to disable it for some other reason, you can do that in the ModSecurity section of Hepsia with a single click. You can also use a passive mode, in which the firewall recognizes potential attacks and logs them but takes no action. Comprehensive logs are available in the same section, including the IP address the attack came from, what precisely the attacker tried to do and at what time, what ModSecurity did, and so on. For maximum safety of our clients, we use a set of commercial firewall rules combined with custom ones provided by our system administrators.
ModSecurity in Semi-dedicated Servers
ModSecurity is part of our semi-dedicated server plans. If you choose to host your sites with us, there is nothing special you need to do, as the firewall is activated by default for all domains and subdomains you add through your hosting Control Panel. If required, you can disable ModSecurity for a certain website or switch on the so-called detection mode, in which the firewall still runs and records information but does nothing to prevent possible attacks against your sites. Detailed logs are accessible within your Control Panel, where you can see what types of attacks happened, which security rules were triggered, how the firewall handled the threats, what IP addresses the attacks came from, and so forth. We use 2 types of rules on our servers: commercial ones from a company that operates in the field of web security, and custom ones that our administrators often add to respond to newly identified risks in time.
ModSecurity in Dedicated Servers
ModSecurity is available by default with all dedicated servers that are set up with the Hepsia Control Panel and is set to “Active” automatically for any domain that you host or subdomain that you create on the server. If a web application does not operate properly, you can either switch off the firewall or set it to operate in passive mode. The latter means that ModSecurity keeps a log of any possible attack but takes no action to stop it. The logs generated in active or passive mode give you additional details about the exact file that was attacked, the type of attack, the IP address it came from, and so on. This information lets you decide what steps to take to improve the security of your sites, such as blocking IPs or updating scripts and plugins. The ModSecurity rules that we employ are updated often with a commercial pack from a third-party security provider we work with, and occasionally our administrators add their own rules too when they come across a new potential threat.