Find out what ModSecurity is, how it works and just what it does so as to protect your websites and applications.
ModSecurity is a highly effective web application layer firewall for Apache web servers. It monitors the entire HTTP traffic to an Internet site without affecting its performance and in case it identifies an intrusion attempt, it blocks it. The firewall also maintains a more detailed log for the site visitors than any server does, so you'll manage to monitor what is going on with your websites better than if you rely merely on conventional logs. ModSecurity employs security rules based on which it prevents attacks. For instance, it identifies whether someone is trying to log in to the administration area of a certain script several times or if a request is sent to execute a file with a certain command. In such cases these attempts trigger the corresponding rules and the software hinders the attempts right away, then records in-depth details about them within its logs. ModSecurity is one of the most effective software firewalls out there and it can easily protect your web applications against a large number of threats and vulnerabilities, especially in case you don’t update them or their plugins often.
ModSecurity in Shared Web Hosting
We offer ModSecurity with all shared web hosting
plans, so your web applications will be resistant to destructive attacks. The firewall is activated by default for all domains and subdomains, but if you'd like, you'll be able to stop it via the respective part of your Hepsia Control Panel. You can also switch on a detection mode, so ModSecurity shall keep a log as intended, but will not take any action. The logs that you shall discover within Hepsia are extremely detailed and include info about the nature of any attack, when it occurred and from what IP address, the firewall rule which was triggered, etc. We use a set of commercial rules that are regularly updated, but sometimes our admins add custom rules as well so as to better protect the sites hosted on our machines.
ModSecurity in Semi-dedicated Servers
Any web application that you set up within your new semi-dedicated server
account will be protected by ModSecurity as the firewall is included with all our hosting solutions and is activated by default for any domain and subdomain you add or create via your Hepsia hosting Control Panel. You shall be able to manage ModSecurity via a dedicated area inside Hepsia where not only could you activate or deactivate it fully, but you may also enable a passive mode, so the firewall will not stop anything, but it will still keep an archive of potential attacks. This takes only a mouse click and you will be able to look at the logs regardless if ModSecurity is in active or passive mode through the same section - what the attack was and where it came from, how it was taken care of, etc. The firewall employs two sets of rules on our servers - a commercial one which we get from a third-party web security firm and a custom one which our admins update personally in order to respond to recently discovered threats at the earliest opportunity.
ModSecurity in VPS Servers
Security is very important to us, so we set up ModSecurity on all VPS servers
that are made available with the Hepsia Control Panel by default. The firewall can be managed through a dedicated section inside Hepsia and is activated automatically when you add a new domain or generate a subdomain, so you won't need to do anything by hand. You will also be able to disable it or turn on the so-called detection mode, so it'll keep a log of possible attacks which you can later analyze, but shall not block them. The logs in both passive and active modes include information regarding the kind of the attack and how it was stopped, what IP address it originated from and other useful data that may help you to tighten the security of your websites by updating them or blocking IPs, for instance. In addition to the commercial rules we get for ModSecurity from a third-party security enterprise, we also use our own rules since every now and then we identify specific attacks which are not yet present inside the commercial group. That way, we can easily increase the protection of your Virtual private server in a timely manner rather than waiting for an official update.
ModSecurity in Dedicated Servers
All of our dedicated servers
that are set up with the Hepsia hosting CP come with ModSecurity, so any application that you upload or install shall be properly secured from the very beginning and you'll not need to concern yourself with common attacks or vulnerabilities. An independent section in Hepsia will enable you to start or stop the firewall for every domain or subdomain, or activate a detection mode so that it records info about intrusions, but doesn't take actions to stop them. What you will discover in the logs shall allow you to to secure your sites better - the IP an attack originated from, what site was attacked and exactly how, what ModSecurity rule was triggered, and so forth. With this information, you'll be able to see if a website needs an update, whether you should block IPs from accessing your hosting server, and so on. On top of the third-party commercial security rules for ModSecurity we use, our administrators add custom ones as well every time they come across a new threat that's not yet a part of the commercial bundle.