Discover what ModSecurity is, how it works and just what it does to protect your web sites and applications.
ModSecurity is a powerful web app layer firewall for Apache web servers. It monitors the entire HTTP traffic to a website without affecting its performance and when it detects an intrusion attempt, it blocks it. The firewall also keeps a more detailed log for the site visitors than any web server does, so you shall be able to keep an eye on what is going on with your Internet sites a lot better than if you rely merely on standard logs. ModSecurity uses security rules based on which it helps prevent attacks. For example, it detects whether someone is attempting to log in to the admin area of a particular script a number of times or if a request is sent to execute a file with a certain command. In these cases these attempts set off the corresponding rules and the firewall program hinders the attempts right away, and then records in-depth information about them within its logs. ModSecurity is one of the best software firewalls on the market and it could easily protect your web apps against a huge number of threats and vulnerabilities, especially in case you don’t update them or their plugins frequently.
ModSecurity in Cloud Web Hosting
ModSecurity is available with every single cloud web hosting
solution that we provide and it's activated by default for every domain or subdomain that you add via your Hepsia CP. In case it disrupts any of your programs or you would like to disable it for any reason, you shall be able to achieve that through the ModSecurity section of Hepsia with just a mouse click. You could also activate a passive mode, so the firewall will identify potential attacks and keep a log, but won't take any action. You could view comprehensive logs in the same section, including the IP where the attack came from, what precisely the attacker attempted to do and at what time, what ModSecurity did, etcetera. For maximum safety of our clients we use a collection of commercial firewall rules combined with custom ones which are provided by our system admins.
ModSecurity in Semi-dedicated Hosting
All semi-dedicated hosting
solutions that we offer come with ModSecurity and given that the firewall is switched on by default, any website you set up under a domain or a subdomain will be protected immediately. An individual section in the Hepsia Control Panel which comes with the semi-dedicated accounts is dedicated to ModSecurity and it'll allow you to start and stop the firewall for any site or switch on a detection mode. With the last option, ModSecurity won't take any action, but it'll still recognize possible attacks and shall keep all information inside a log as if it were completely active. The logs could be found inside the same section of the CP and they offer information regarding the IP where an attack came from, what its nature was, what rule ModSecurity applies to identify and stop it, etcetera. The security rules that we employ on our servers are a mix of commercial ones from a security firm and custom ones made by our system administrators. For that reason, we provide greater security for your web programs as we can defend them from attacks before security companies release updates for new threats.
ModSecurity in VPS
ModSecurity is pre-installed on all virtual private servers
that are provided with the Hepsia hosting Control Panel, so your web programs will be secured from the moment your server is in a position. The firewall is switched on by default for any domain or subdomain on the VPS, but if needed, you'll be able to disable it with a click of your mouse through the corresponding section of Hepsia. You could also set it to function in detection mode, so it will keep an extensive log of any potential attacks without taking any action to prevent them. The logs can be found in the very same section and offer info about the nature of the attack, what IP address it originated from and what ModSecurity rule was triggered to stop it. For maximum security, we employ not just commercial rules from a business operating in the field of web security, but also custom ones that our administrators include personally so as to respond to new threats that are still not dealt with in the commercial rules.
ModSecurity in Dedicated Hosting
If you opt to host your websites on a dedicated server
with the Hepsia Control Panel, your web apps shall be secured right from the start since ModSecurity is provided with all Hepsia-based plans. You shall be able to regulate the firewall effortlessly and if needed, you'll be able to turn it off or switch on its passive mode when it shall only keep a log of what's taking place without taking any action to prevent potential attacks. The logs which you'll find within the very same section of the CP are quite detailed and include information about the attacker IP address, what website and file were attacked and in what ways, what rule the firewall used to prevent the intrusion, etc. This data shall permit you to take measures and boost the protection of your websites even more. To be on the safe side, we employ not only commercial rules, but also custom-made ones that our staff include whenever they recognize attacks which have not yet been included in the commercial pack.