ModSecurity is an efficient firewall for Apache web servers that's used to prevent attacks toward web applications. It monitors the HTTP traffic to a specific Internet site in real time and stops any intrusion attempts as soon as it identifies them. The firewall relies on a set of rules to do this - as an example, attempting to log in to a script administrator area unsuccessfully several times triggers one rule, sending a request to execute a specific file that could result in accessing the Internet site triggers a different rule, and so on. ModSecurity is one of the best firewalls available on the market and it will secure even scripts which aren't updated on a regular basis since it can prevent attackers from using known exploits and security holes. Quite thorough information about every intrusion attempt is recorded and the logs the firewall maintains are considerably more comprehensive than the regular logs provided by the Apache server, so you may later examine them and determine if you need to take additional measures in order to enhance the security of your script-driven sites.

ModSecurity in Web Hosting

ModSecurity is offered with each and every web hosting plan that we offer and it's activated by default for any domain or subdomain which you include through your Hepsia Control Panel. If it interferes with any of your programs or you would like to disable it for some reason, you will be able to do that through the ModSecurity section of Hepsia with merely a click. You can also enable a passive mode, so the firewall will discover possible attacks and keep a log, but won't take any action. You could view comprehensive logs in the same section, including the IP address where the attack came from, exactly what the attacker tried to do and at what time, what ModSecurity did, etc. For maximum security of our clients we use a collection of commercial firewall rules combined with custom ones which are added by our system admins.

ModSecurity in Semi-dedicated Servers

ModSecurity is part of our semi-dedicated server plans and if you opt to host your websites with our company, there will not be anything special you will have to do since the firewall is turned on by default for all domains and subdomains you include using your hosting CP. If necessary, you could disable ModSecurity for a certain website or turn on the so-called detection mode in which case the firewall will still operate and record information, but will not do anything to stop potential attacks against your websites. Thorough logs will be readily available inside your CP and you'll be able to see which kind of attacks occurred, what security rules were triggered and how the firewall addressed the threats, what IP addresses the attacks originated from, etc. We use 2 kinds of rules on our servers - commercial ones from a business that operates in the field of web security, and customized ones which our administrators often include to respond to newly discovered risks promptly.

ModSecurity in VPS Servers

Protection is vital to us, so we install ModSecurity on all VPS servers which are set up with the Hepsia CP as a standard. The firewall could be managed through a dedicated section in Hepsia and is switched on automatically when you add a new domain or create a subdomain, so you'll not need to do anything by hand. You shall also be able to disable it or switch on the so-called detection mode, so it shall maintain a log of potential attacks that you can later examine, but shall not stop them. The logs in both passive and active modes contain information regarding the form of the attack and how it was stopped, what IP address it came from and other useful information which could help you to tighten the security of your websites by updating them or blocking IPs, for instance. Beyond the commercial rules we get for ModSecurity from a third-party security enterprise, we also use our own rules as every now and then we identify specific attacks that aren't yet present in the commercial package. That way, we can enhance the protection of your Virtual private server in a timely manner rather than waiting for an official update.

ModSecurity in Dedicated Servers

ModSecurity is offered as standard with all dedicated servers that are set up with the Hepsia CP and is set to “Active” automatically for any domain that you host or subdomain that you create on the web server. Just in case that a web app does not operate correctly, you can either turn off the firewall or set it to operate in passive mode. The second means that ModSecurity shall keep a log of any potential attack which could take place, but will not take any action to stop it. The logs produced in active or passive mode shall present you with more details about the exact file that was attacked, the form of the attack and the IP it came from, and so forth. This info shall allow you to decide what actions you can take to boost the security of your sites, including blocking IPs or performing script and plugin updates. The ModSecurity rules we employ are updated regularly with a commercial bundle from a third-party security provider we work with, but oftentimes our staff include their own rules also in case they discover a new potential threat.