ModSecurity is a highly effective firewall for Apache web servers which is used to prevent attacks toward web applications. It monitors the HTTP traffic to a specific Internet site in real time and stops any intrusion attempts the instant it discovers them. The firewall relies on a set of rules to do this - as an illustration, attempting to log in to a script administration area without success several times sets off one rule, sending a request to execute a particular file which may result in gaining access to the website triggers another rule, and so on. ModSecurity is amongst the best firewalls around and it'll protect even scripts that are not updated on a regular basis since it can prevent attackers from employing known exploits and security holes. Very detailed info about each intrusion attempt is recorded and the logs the firewall maintains are considerably more comprehensive than the regular logs generated by the Apache server, so you may later analyze them and determine whether you need to take extra measures so as to increase the security of your script-driven websites.
ModSecurity in Web Hosting
ModSecurity is available with each web hosting package that we provide and it's switched on by default for any domain or subdomain that you include through your Hepsia Control Panel. In the event that it disrupts any of your applications or you would like to disable it for some reason, you will be able to accomplish that through the ModSecurity area of Hepsia with simply a click. You can also enable a passive mode, so the firewall will recognize possible attacks and keep a log, but will not take any action. You can view detailed logs in the very same section, including the IP where the attack came from, what exactly the attacker attempted to do and at what time, what ModSecurity did, and so forth. For max safety of our clients we use a collection of commercial firewall rules mixed with custom ones that are provided by our system admins.
ModSecurity in Semi-dedicated Servers
We've incorporated ModSecurity by default in all semi-dedicated server plans, so your web apps shall be protected whenever you install them under any domain or subdomain. The Hepsia Control Panel which comes with the semi-dedicated accounts shall permit you to activate or turn off the firewall for any site with a mouse click. You'll also have the ability to activate a passive detection mode with which ModSecurity shall keep a log of potential attacks without really preventing them. The thorough logs include the nature of the attack and what ModSecurity response this attack triggered, where it came from, etcetera. The list of rules we use is frequently updated in order to match any new risks which could appear on the Internet and it features both commercial rules that we get from a security firm and custom-written ones that our administrators include in the event that they discover a threat that's not present inside the commercial list yet.
ModSecurity in VPS Servers
ModSecurity is pre-installed on all VPS servers that are provided with the Hepsia hosting Control Panel, so your web apps shall be secured from the instant your server is in a position. The firewall is switched on by default for any domain or subdomain on the VPS, but if needed, you can disable it with a mouse click through the corresponding section of Hepsia. You can also set it to function in detection mode, so it shall keep a detailed log of any potential attacks without taking any action to stop them. The logs can be found inside the very same section and offer information regarding the nature of the attack, what IP address it came from and what ModSecurity rule was activated to stop it. For optimum security, we use not simply commercial rules from a company working in the field of web security, but also custom ones which our admins add personally in order to react to new threats that are still not addressed in the commercial rules.
ModSecurity in Dedicated Servers
ModSecurity comes with all dedicated servers that are integrated with our Hepsia CP and you'll not need to do anything specific on your end to employ it because it is activated by default each time you add a new domain or subdomain on your web server. In case it interferes with any of your programs, you shall be able to stop it through the respective part of Hepsia, or you could leave it operating in passive mode, so it will recognize attacks and shall still maintain a log for them, but won't block them. You can analyze the logs later to learn what you can do to increase the security of your Internet sites as you shall find info such as where an intrusion attempt came from, what website was attacked and based on what rule ModSecurity reacted, etc. The rules we employ are commercial, thus they are regularly updated by a security provider, but to be on the safe side, our admins also add custom rules occasionally as to deal with any new threats they have identified.