Discover what ModSecurity is, how it works and just what it does to protect your sites and apps.
ModSecurity is a powerful web application layer firewall for Apache web servers. It monitors the entire HTTP traffic to a website without affecting its overall performance and when it identifies an intrusion attempt, it prevents it. The firewall furthermore maintains a more thorough log for the website visitors than any server does, so you shall manage to keep an eye on what's happening with your Internet sites much better than if you rely simply on standard logs. ModSecurity uses security rules based on which it prevents attacks. For instance, it detects if somebody is attempting to log in to the administrator area of a particular script several times or if a request is sent to execute a file with a specific command. In such situations these attempts trigger the corresponding rules and the firewall software hinders the attempts instantly, after that records detailed details about them in its logs. ModSecurity is one of the most effective software firewalls available and it can protect your web applications against a huge number of threats and vulnerabilities, particularly in case you don’t update them or their plugins regularly.
ModSecurity in Website Hosting
We offer ModSecurity with all website hosting
plans, so your web applications shall be resistant to harmful attacks. The firewall is turned on by default for all domains and subdomains, but if you would like, you'll be able to stop it via the respective area of your Hepsia Control Panel. You'll be able to also switch on a detection mode, so ModSecurity will keep a log as intended, but won't take any action. The logs that you'll discover within Hepsia are quite detailed and include data about the nature of any attack, when it happened and from what IP, the firewall rule which was triggered, and so forth. We employ a set of commercial rules that are frequently updated, but sometimes our administrators add custom rules as well so as to efficiently protect the Internet sites hosted on our servers.
ModSecurity in Semi-dedicated Hosting
All semi-dedicated hosting
solutions that we offer come with ModSecurity and because the firewall is enabled by default, any Internet site that you set up under a domain or a subdomain shall be secured straight away. An individual section inside the Hepsia Control Panel that comes with the semi-dedicated accounts is devoted to ModSecurity and it shall allow you to stop and start the firewall for any Internet site or enable a detection mode. With the last option, ModSecurity will not take any action, but it shall still identify possible attacks and shall keep all information in a log as if it were 100% active. The logs could be found inside the very same section of the Control Panel and they offer specifics about the IP where an attack originated from, what its nature was, what rule ModSecurity applies to detect and stop it, etc. The security rules which we employ on our web servers are a mix between commercial ones from a security business and custom ones made by our system administrators. Consequently, we provide increased security for your web applications as we can shield them from attacks before security corporations release updates for new threats.
ModSecurity in VPS
ModSecurity is pre-installed on all virtual private servers
which are set up with the Hepsia hosting Control Panel, so your web programs will be protected from the second your server is ready. The firewall is activated by default for any domain or subdomain on the Virtual Private Server, but if needed, you'll be able to disable it with a click of your mouse through the corresponding section of Hepsia. You can also set it to function in detection mode, so it'll keep a comprehensive log of any potential attacks without taking any action to prevent them. The logs are available inside the same section and offer info about the nature of the attack, what IP address it came from and what ModSecurity rule was activated to stop it. For optimum security, we use not only commercial rules from a business working in the field of web security, but also custom ones our admins add personally so as to react to new risks that are still not tackled in the commercial rules.
ModSecurity in Dedicated Hosting
When you decide to host your websites on a dedicated server
with the Hepsia Control Panel, your web applications shall be protected straight away since ModSecurity is available with all Hepsia-based solutions. You'll be able to manage the firewall easily and if necessary, you'll be able to turn it off or activate its passive mode when it will only keep a log of what is going on without taking any action to stop possible attacks. The logs which you'll find within the exact same section of the CP are very detailed and include information about the attacker IP, what website and file were attacked and in what ways, what rule the firewall employed to prevent the intrusion, etc. This data shall enable you to take measures and increase the protection of your Internet sites even more. To be on the safe side, we use not just commercial rules, but also custom-made ones that our staff add when they recognize attacks which haven't yet been included in the commercial pack.