ModSecurity is a plugin for Apache web servers which functions as a web app layer firewall. It's employed to stop attacks towards script-driven Internet sites by employing security rules that contain particular expressions. This way, the firewall can prevent hacking and spamming attempts and preserve even Internet sites that are not updated frequently. As an example, several unsuccessful login attempts to a script admin area or attempts to execute a particular file with the objective to get access to the script shall trigger specific rules, so ModSecurity will block out these activities the instant it detects them. The firewall is extremely efficient since it screens the entire HTTP traffic to a website in real time without slowing it down, so it could stop an attack before any harm is done. It also maintains an incredibly thorough log of all attack attempts that features more info than typical Apache logs, so you could later examine the data and take extra measures to increase the security of your sites if necessary.
ModSecurity in Website Hosting
ModSecurity is available on all website hosting servers, so if you decide to host your sites with our organization, they will be resistant to an array of attacks. The firewall is enabled as standard for all domains and subdomains, so there'll be nothing you will have to do on your end. You shall be able to stop ModSecurity for any site if required, or to activate a detection mode, so all activity shall be recorded, but the firewall won't take any real action. You will be able to view specific logs from your Hepsia CP including the IP address where the attack originated from, what the attacker wished to do and how ModSecurity addressed the threat. As we take the protection of our customers' sites very seriously, we use a collection of commercial rules which we take from one of the best firms that maintain this sort of rules. Our admins also add custom rules to make certain that your Internet sites shall be shielded from as many risks as possible.
ModSecurity in Semi-dedicated Hosting
ModSecurity is part of our semi-dedicated hosting solutions and if you opt to host your websites with us, there shall not be anything special you'll need to do since the firewall is switched on by default for all domains and subdomains which you add via your hosting Control Panel. If required, you'll be able to disable ModSecurity for a certain site or switch on the so-called detection mode in which case the firewall will still function and record data, but shall not do anything to prevent possible attacks against your websites. Detailed logs will be available within your Control Panel and you'll be able to see what type of attacks occurred, what security rules were triggered and how the firewall addressed the threats, what IP addresses the attacks came from, and so on. We use 2 types of rules on our servers - commercial ones from a company that operates in the field of web security, and customized ones that our administrators often include to respond to newly discovered risks on time.
ModSecurity in VPS
Protection is essential to us, so we set up ModSecurity on all virtual private servers which are provided with the Hepsia Control Panel as a standard. The firewall can be managed through a dedicated section inside Hepsia and is activated automatically when you include a new domain or generate a subdomain, so you'll not need to do anything by hand. You'll also be able to deactivate it or switch on the so-called detection mode, so it will maintain a log of potential attacks you can later analyze, but won't prevent them. The logs in both passive and active modes include details regarding the form of the attack and how it was prevented, what IP address it came from and other important info that may help you to tighten the security of your websites by updating them or blocking IPs, as an example. In addition to the commercial rules we get for ModSecurity from a third-party security company, we also employ our own rules as from time to time we find specific attacks which are not yet present within the commercial group. That way, we can easily improve the protection of your Virtual private server in a timely manner rather than waiting for an official update.
ModSecurity in Dedicated Hosting
When you decide to host your Internet sites on a dedicated server with the Hepsia CP, your web apps will be secured right away because ModSecurity is supplied with all Hepsia-based solutions. You'll be able to manage the firewall easily and if needed, you'll be able to turn it off or enable its passive mode when it will only maintain a log of what's occurring without taking any action to stop possible attacks. The logs that you will find inside the very same section of the CP are very detailed and feature info about the attacker IP address, what website and file were attacked and in what way, what rule the firewall employed to prevent the intrusion, etc. This data shall allow you to take measures and improve the security of your Internet sites even more. To be on the safe side, we use not just commercial rules, but also custom-made ones which our admins include whenever they identify attacks which have not yet been included in the commercial pack.