Learn what ModSecurity actually is, what it does and what actually it can do to defend your web sites and apps.
ModSecurity is a powerful firewall for Apache web servers which is employed to prevent attacks towards web applications. It tracks the HTTP traffic to a particular site in real time and stops any intrusion attempts the moment it discovers them. The firewall relies on a set of rules to accomplish that - for instance, trying to log in to a script administration area without success a few times triggers one rule, sending a request to execute a particular file that may result in gaining access to the website triggers a different rule, etcetera. ModSecurity is amongst the best firewalls around and it'll protect even scripts which are not updated frequently because it can prevent attackers from employing known exploits and security holes. Very comprehensive info about each intrusion attempt is recorded and the logs the firewall keeps are a lot more specific than the regular logs provided by the Apache server, so you could later analyze them and determine whether you need to take extra measures in order to boost the safety of your script-driven sites.
ModSecurity in Shared Hosting
ModSecurity can be found with each and every shared hosting
solution that we offer and it's switched on by default for any domain or subdomain which you add through your Hepsia CP. In case it disrupts any of your apps or you'd like to disable it for whatever reason, you will be able to do this through the ModSecurity area of Hepsia with simply a mouse click. You can also enable a passive mode, so the firewall will identify possible attacks and maintain a log, but shall not take any action. You can see extensive logs in the very same section, including the IP address where the attack originated from, exactly what the attacker attempted to do and at what time, what ModSecurity did, and so on. For optimum safety of our clients we use a set of commercial firewall rules mixed with custom ones that are included by our system admins.
ModSecurity in Semi-dedicated Servers
We've included ModSecurity as a standard inside all semi-dedicated server
products, so your web applications shall be protected as soon as you set them up under any domain or subdomain. The Hepsia CP which comes with the semi-dedicated accounts will permit you to switch on or turn off the firewall for any site with a click. You'll also have the ability to switch on a passive detection mode in which ModSecurity will keep a log of possible attacks without actually stopping them. The detailed logs include the nature of the attack and what ModSecurity response that attack triggered, where it originated from, etc. The list of rules we use is regularly updated as to match any new threats which may appear on the Internet and it comes with both commercial rules that we get from a security corporation and custom-written ones which our administrators add in the event that they find a threat that is not present inside the commercial list yet.
ModSecurity in VPS Servers
ModSecurity is pre-installed on all VPS servers
which are offered with the Hepsia hosting CP, so your web applications shall be secured from the second your server is ready. The firewall is switched on by default for any domain or subdomain on the Virtual Private Server, but if needed, you could disable it with a mouse click from the corresponding section of Hepsia. You may also set it to operate in detection mode, so it will keep an extensive log of any potential attacks without taking any action to prevent them. The logs can be found within the very same section and provide information about the nature of the attack, what IP it originated from and what ModSecurity rule was triggered to stop it. For best security, we use not only commercial rules from a firm operating in the field of web security, but also custom ones our administrators add manually so as to react to new risks which are still not dealt with in the commercial rules.
ModSecurity in Dedicated Servers
ModSecurity is included with all dedicated servers
which are integrated with our Hepsia CP and you won't have to do anything specific on your end to use it as it is activated by default every time you include a new domain or subdomain on your hosting server. If it disrupts some of your applications, you shall be able to stop it through the respective section of Hepsia, or you can leave it in passive mode, so it will detect attacks and will still keep a log for them, but won't block them. You could analyze the logs later to learn what you can do to improve the protection of your Internet sites since you will find information such as where an intrusion attempt came from, what Internet site was attacked and in accordance with what rule ModSecurity reacted, etc. The rules that we use are commercial, therefore they're regularly updated by a security company, but to be on the safe side, our admins also add custom rules from time to time as to deal with any new threats they have discovered.