Discover what ModSecurity is in fact, how it operates and just what exactly it can do to guard your websites and web applications.
ModSecurity is an efficient firewall for Apache web servers that's used to stop attacks toward web apps. It tracks the HTTP traffic to a certain Internet site in real time and prevents any intrusion attempts the instant it discovers them. The firewall uses a set of rules to accomplish that - as an example, attempting to log in to a script administrator area unsuccessfully a few times activates one rule, sending a request to execute a particular file which may result in accessing the website triggers another rule, etc. ModSecurity is among the best firewalls available on the market and it will preserve even scripts that aren't updated frequently as it can prevent attackers from employing known exploits and security holes. Very comprehensive information about each and every intrusion attempt is recorded and the logs the firewall maintains are considerably more comprehensive than the conventional logs created by the Apache server, so you can later examine them and determine whether you need to take extra measures so as to boost the protection of your script-driven websites.
ModSecurity in Hosting
ModSecurity comes by default with all hosting
solutions which we supply and it'll be switched on automatically for any domain or subdomain which you add/create in your Hepsia hosting Control Panel. The firewall has three different modes, so you'll be able to switch on and disable it with only a mouse click or set it to detection mode, so it'll keep a log of all attacks, but it shall not do anything to stop them. The log for each of your sites shall contain elaborate info including the nature of the attack, where it came from, what action was taken by ModSecurity, and so forth. The firewall rules we use are frequently updated and include both commercial ones that we get from a third-party security company and custom ones our system admins include in the event that they detect a new kind of attacks. This way, the websites you host here will be much more secure without any action needed on your end.
ModSecurity in Semi-dedicated Servers
All semi-dedicated server
plans that we offer come with ModSecurity and because the firewall is switched on by default, any Internet site that you build under a domain or a subdomain shall be protected straight away. An independent section in the Hepsia CP that comes with the semi-dedicated accounts is dedicated to ModSecurity and it will permit you to start and stop the firewall for any website or switch on a detection mode. With the last mentioned, ModSecurity will not take any action, but it shall still detect possible attacks and will keep all information within a log as if it were completely active. The logs can be found within the same section of the CP and they offer information regarding the IP where an attack came from, what its nature was, what rule ModSecurity applies to identify and stop it, and so on. The security rules that we employ on our machines are a mix of commercial ones from a security company and custom ones made by our system administrators. Therefore, we offer higher security for your web programs as we can protect them from attacks before security businesses release updates for brand new threats.
ModSecurity in VPS Servers
ModSecurity is pre-installed on all VPS servers
which are provided with the Hepsia hosting Control Panel, so your web programs will be protected from the moment your server is in a position. The firewall is activated by default for any domain or subdomain on the VPS, but if necessary, you can deactivate it with a click of your mouse via the corresponding section of Hepsia. You can also set it to function in detection mode, so it will keep a detailed log of any possible attacks without taking any action to prevent them. The logs can be found inside the very same section and provide information regarding the nature of the attack, what IP it originated from and what ModSecurity rule was initiated to stop it. For maximum security, we use not just commercial rules from a firm operating in the field of web security, but also custom ones our admins add personally in order to respond to new threats that are still not dealt with in the commercial rules.
ModSecurity in Dedicated Servers
If you opt to host your sites on a dedicated server
with the Hepsia Control Panel, your web apps will be secured straight away since ModSecurity is provided with all Hepsia-based packages. You'll be able to manage the firewall with ease and if necessary, you'll be able to turn it off or activate its passive mode when it shall only keep a log of what is occurring without taking any action to stop possible attacks. The logs which you'll find within the exact same section of the CP are quite detailed and include data about the attacker IP, what website and file were attacked and in what ways, what rule the firewall used to stop the intrusion, and so forth. This info shall enable you to take measures and enhance the protection of your Internet sites even more. To be on the safe side, we use not just commercial rules, but also custom-made ones which our admins include whenever they detect attacks that haven't yet been included inside the commercial pack.