ModSecurity
Learn what ModSecurity is, how it functions and what exactly it does in order to protect your web sites and applications.
ModSecurity is a powerful firewall for Apache web servers that is employed to stop attacks towards web apps. It tracks the HTTP traffic to a certain Internet site in real time and prevents any intrusion attempts as soon as it detects them. The firewall relies on a set of rules to accomplish that - for example, attempting to log in to a script admin area unsuccessfully several times sets off one rule, sending a request to execute a particular file which could result in gaining access to the website triggers a different rule, etc. ModSecurity is among the best firewalls on the market and it will secure even scripts which are not updated regularly because it can prevent attackers from employing known exploits and security holes. Quite comprehensive data about every intrusion attempt is recorded and the logs the firewall maintains are much more specific than the standard logs provided by the Apache server, so you could later analyze them and determine if you need to take additional measures in order to increase the safety of your script-driven Internet sites.
-
ModSecurity in Web Hosting
ModSecurity comes by default with all
web hosting packages which we offer and it will be activated automatically for any domain or subdomain that you add/create within your Hepsia hosting Control Panel. The firewall has three different modes, so you can activate and disable it with a click or set it to detection mode, so it shall maintain a log of all attacks, but it shall not do anything to prevent them. The log for each of your Internet sites shall include comprehensive information including the nature of the attack, where it came from, what action was taken by ModSecurity, and so on. The firewall rules that we use are constantly updated and comprise of both commercial ones that we get from a third-party security firm and custom ones our system administrators include in the event that they detect a new kind of attacks. That way, the websites you host here will be far more protected with no action required on your end.
-
ModSecurity in Semi-dedicated Servers
ModSecurity is a part of our
semi-dedicated server plans and if you choose to host your websites with us, there won't be anything special you'll need to do since the firewall is switched on by default for all domains and subdomains you include using your hosting Control Panel. If needed, you'll be able to disable ModSecurity for a given website or activate the so-called detection mode in which case the firewall will still function and record information, but won't do anything to stop potential attacks on your sites. In depth logs shall be readily available in your CP and you will be able to see what sort of attacks took place, what security rules were triggered and how the firewall dealt with the threats, what IP addresses the attacks came from, etc. We use two kinds of rules on our servers - commercial ones from an organization which operates in the field of web security, and custom ones that our admins sometimes add to respond to newly identified threats promptly.
-
ModSecurity in VPS Servers
Safety is vital to us, so we install ModSecurity on all
VPS servers which are provided with the Hepsia CP as a standard. The firewall could be managed through a dedicated section within Hepsia and is turned on automatically when you include a new domain or generate a subdomain, so you won't need to do anything personally. You will also be able to deactivate it or turn on the so-called detection mode, so it'll keep a log of potential attacks which you can later analyze, but won't stop them. The logs in both passive and active modes include details about the kind of the attack and how it was stopped, what IP address it originated from and other valuable data which could help you to tighten the security of your sites by updating them or blocking IPs, as an example. In addition to the commercial rules which we get for ModSecurity from a third-party security firm, we also implement our own rules as from time to time we identify specific attacks that are not yet present in the commercial group. That way, we could improve the protection of your Virtual private server immediately instead of awaiting a certified update.
-
ModSecurity in Dedicated Servers
ModSecurity is included with all
dedicated servers which are set up with our Hepsia CP and you won't have to do anything specific on your end to use it as it is turned on by default whenever you include a new domain or subdomain on your hosting server. In case it disrupts some of your applications, you'll be able to stop it through the respective section of Hepsia, or you may leave it operating in passive mode, so it will detect attacks and will still keep a log for them, but shall not block them. You can analyze the logs later to find out what you can do to enhance the safety of your Internet sites since you will find information such as where an intrusion attempt came from, what Internet site was attacked and based on what rule ModSecurity reacted, and so forth. The rules which we use are commercial, hence they're frequently updated by a security company, but to be on the safe side, our staff also include custom rules from time to time as to respond to any new threats they have identified.