ModSecurity is a plugin for Apache web servers that functions as a web application layer firewall. It's employed to prevent attacks toward script-driven websites through the use of security rules that contain certain expressions. This way, the firewall can block hacking and spamming attempts and protect even sites that aren't updated often. As an example, numerous unsuccessful login attempts to a script admin area or attempts to execute a particular file with the intention to get access to the script shall trigger certain rules, so ModSecurity shall stop these activities the instant it identifies them. The firewall is extremely efficient as it screens the whole HTTP traffic to an Internet site in real time without slowing it down, so it can easily prevent an attack before any harm is done. It also keeps an incredibly thorough log of all attack attempts which contains more information than typical Apache logs, so you could later examine the data and take additional measures to increase the security of your websites if needed.
ModSecurity in Shared Hosting
ModSecurity is available with each shared hosting package that we offer and it is turned on by default for any domain or subdomain that you include through your Hepsia CP. In case it disrupts any of your programs or you would like to disable it for any reason, you shall be able to achieve that through the ModSecurity area of Hepsia with merely a click. You could also activate a passive mode, so the firewall will detect possible attacks and keep a log, but shall not take any action. You can view detailed logs in the same section, including the IP address where the attack came from, exactly what the attacker aimed to do and at what time, what ModSecurity did, etcetera. For max protection of our clients we use a group of commercial firewall rules blended with custom ones that are provided by our system admins.
ModSecurity in Semi-dedicated Servers
ModSecurity is a part of our semi-dedicated server packages and if you decide to host your websites with our company, there shall not be anything special you will have to do as the firewall is turned on by default for all domains and subdomains that you include using your hosting CP. If necessary, you can disable ModSecurity for a certain Internet site or turn on the so-called detection mode in which case the firewall shall still function and record info, but will not do anything to stop possible attacks against your Internet sites. In depth logs will be readily available within your Control Panel and you will be able to see what sort of attacks happened, what security rules were triggered and how the firewall handled the threats, what Internet protocol addresses the attacks came from, and so on. We employ two sorts of rules on our servers - commercial ones from an organization which operates in the field of web security, and custom made ones which our administrators occasionally add to respond to newly discovered risks promptly.
ModSecurity in Dedicated Servers
All of our dedicated servers that are set up with the Hepsia hosting CP include ModSecurity, so any application you upload or install will be secured from the very beginning and you'll not need to concern yourself with common attacks or vulnerabilities. An independent section inside Hepsia will permit you to start or stop the firewall for each and every domain or subdomain, or turn on a detection mode so that it records details about intrusions, but does not take actions to stop them. What you will see in the logs can easily allow you to to secure your Internet sites better - the IP an attack came from, what website was attacked as well as how, what ModSecurity rule was triggered, and so forth. With this info, you could see if an Internet site needs an update, whether you ought to block IPs from accessing your hosting server, and so forth. Aside from the third-party commercial security rules for ModSecurity we use, our admins add custom ones as well whenever they come across a new threat that is not yet in the commercial bundle.