ModSecurity is a potent web app layer firewall for Apache web servers. It monitors the entire HTTP traffic to a website without affecting its overall performance and if it detects an intrusion attempt, it prevents it. The firewall additionally maintains a more detailed log for the site visitors than any server does, so you will manage to keep track of what's going on with your sites better than if you rely only on conventional logs. ModSecurity employs security rules based on which it helps prevent attacks. For example, it identifies whether somebody is trying to log in to the admin area of a specific script multiple times or if a request is sent to execute a file with a certain command. In such instances these attempts set off the corresponding rules and the firewall hinders the attempts immediately, and then records in-depth info about them inside its logs. ModSecurity is among the very best software firewalls available and it could easily protect your web apps against many threats and vulnerabilities, especially in case you don’t update them or their plugins regularly.
ModSecurity in Shared Website Hosting
ModSecurity is supplied with all shared website hosting web servers, so when you choose to host your Internet sites with our organization, they shall be protected against an array of attacks. The firewall is turned on as standard for all domains and subdomains, so there'll be nothing you will have to do on your end. You'll be able to stop ModSecurity for any website if necessary, or to activate a detection mode, so that all activity shall be recorded, but the firewall shall not take any real action. You'll be able to view comprehensive logs through your Hepsia CP including the IP where the attack originated from, what the attacker wished to do and how ModSecurity addressed the threat. As we take the security of our customers' websites seriously, we use a group of commercial rules which we get from one of the best companies that maintain such rules. Our admins also add custom rules to ensure that your Internet sites shall be resistant to as many threats as possible.
ModSecurity in Semi-dedicated Servers
All semi-dedicated server solutions that we offer feature ModSecurity and because the firewall is enabled by default, any website which you set up under a domain or a subdomain will be protected right away. An independent section inside the Hepsia CP which comes with the semi-dedicated accounts is devoted to ModSecurity and it'll allow you to start and stop the firewall for any Internet site or enable a detection mode. With the last mentioned, ModSecurity won't take any action, but it will still detect possible attacks and shall keep all data in a log as if it were completely active. The logs could be found in the exact same section of the CP and they include details about the IP where an attack originated from, what its nature was, what rule ModSecurity applies to detect and stop it, and so on. The security rules we use on our machines are a mix of commercial ones from a security company and custom ones made by our system admins. As a result, we offer higher security for your web programs as we can shield them from attacks even before security corporations release updates for brand new threats.
ModSecurity in VPS Servers
ModSecurity is pre-installed on all VPS servers that are provided with the Hepsia hosting Control Panel, so your web applications will be protected from the instant your server is ready. The firewall is turned on by default for any domain or subdomain on the VPS, but if required, you could disable it with a click from the corresponding section of Hepsia. You may also set it to work in detection mode, so it will keep a comprehensive log of any possible attacks without taking any action to prevent them. The logs are available in the same section and include information regarding the nature of the attack, what IP it came from and what ModSecurity rule was initiated to stop it. For best security, we employ not simply commercial rules from a business operating in the field of web security, but also custom ones our administrators include manually in order to react to new threats that are still not addressed in the commercial rules.
ModSecurity in Dedicated Servers
ModSecurity comes with all dedicated servers that are integrated with our Hepsia Control Panel and you won't need to do anything specific on your end to use it as it's activated by default every time you include a new domain or subdomain on your hosting server. In the event that it disrupts any of your apps, you will be able to stop it through the respective part of Hepsia, or you could leave it working in passive mode, so it'll recognize attacks and will still maintain a log for them, but will not stop them. You can look at the logs later to find out what you can do to boost the security of your sites since you'll find info such as where an intrusion attempt came from, what Internet site was attacked and based upon what rule ModSecurity reacted, etc. The rules which we use are commercial, therefore they're regularly updated by a security company, but to be on the safe side, our staff also include custom rules from time to time as to respond to any new threats they have found.