ModSecurity is a plugin for Apache web servers which functions as a web app layer firewall. It is employed to prevent attacks towards script-driven Internet sites by using security rules that contain particular expressions. This way, the firewall can stop hacking and spamming attempts and protect even sites which are not updated regularly. As an example, several failed login attempts to a script administrative area or attempts to execute a certain file with the purpose to get access to the script will trigger particular rules, so ModSecurity will block out these activities the second it detects them. The firewall is incredibly efficient since it tracks the whole HTTP traffic to a site in real time without slowing it down, so it could stop an attack before any damage is done. It also keeps an exceptionally comprehensive log of all attack attempts which includes more information than traditional Apache logs, so you can later analyze the data and take further measures to improve the security of your Internet sites if needed.
ModSecurity in Cloud Web Hosting
ModSecurity is supplied with all cloud web hosting machines, so when you opt to host your Internet sites with our firm, they'll be shielded from a wide range of attacks. The firewall is enabled by default for all domains and subdomains, so there'll be nothing you'll need to do on your end. You'll be able to stop ModSecurity for any site if needed, or to activate a detection mode, so that all activity shall be recorded, but the firewall shall not take any real action. You'll be able to view detailed logs using your Hepsia Control Panel including the IP where the attack came from, what the attacker planned to do and how ModSecurity dealt with the threat. As we take the protection of our clients' websites very seriously, we employ a group of commercial rules that we get from one of the leading companies which maintain this type of rules. Our administrators also include custom rules to ensure that your Internet sites shall be shielded from as many threats as possible.
ModSecurity in Semi-dedicated Servers
We've included ModSecurity by default within all semi-dedicated server products, so your web applications shall be protected the instant you install them under any domain or subdomain. The Hepsia Control Panel which comes with the semi-dedicated accounts will allow you to enable or turn off the firewall for any site with a mouse click. You will also be able to turn on a passive detection mode through which ModSecurity shall keep a log of potential attacks without actually preventing them. The thorough logs include the nature of the attack and what ModSecurity response this attack activated, where it came from, etcetera. The list of rules that we employ is regularly updated in order to match any new threats that might appear on the Internet and it comes with both commercial rules that we get from a security company and custom-written ones which our admins add if they discover a threat that's not present within the commercial list yet.
ModSecurity in Dedicated Servers
ModSecurity is offered as standard with all dedicated servers that are set up with the Hepsia CP and is set to “Active” automatically for any domain you host or subdomain which you create on the hosting server. In case that a web app doesn't operate properly, you can either turn off the firewall or set it to function in passive mode. The latter means that ModSecurity will keep a log of any possible attack that may occur, but won't take any action to prevent it. The logs generated in active or passive mode will offer you more details about the exact file that was attacked, the type of the attack and the IP it originated from, etcetera. This info shall permit you to determine what steps you can take to improve the protection of your Internet sites, such as blocking IPs or performing script and plugin updates. The ModSecurity rules that we use are updated frequently with a commercial bundle from a third-party security enterprise we work with, but sometimes our administrators add their own rules too in case they identify a new potential threat.