ModSecurity is a potent web application layer firewall for Apache web servers. It monitors the whole HTTP traffic to a website without affecting its overall performance and if it discovers an intrusion attempt, it blocks it. The firewall furthermore maintains a more detailed log for the traffic than any web server does, so you'll be able to keep an eye on what's going on with your websites a lot better than if you rely simply on conventional logs. ModSecurity works with security rules based on which it helps prevent attacks. For example, it detects whether somebody is attempting to log in to the administration area of a given script a number of times or if a request is sent to execute a file with a specific command. In these cases these attempts set off the corresponding rules and the software hinders the attempts in real time, after that records comprehensive details about them within its logs. ModSecurity is amongst the very best software firewalls on the market and it can easily protect your web applications against a large number of threats and vulnerabilities, especially if you don’t update them or their plugins frequently.
ModSecurity in Shared Web Hosting
ModSecurity is available on all shared web hosting machines, so if you choose to host your websites with our business, they shall be protected against an array of attacks. The firewall is turned on by default for all domains and subdomains, so there'll be nothing you'll need to do on your end. You shall be able to stop ModSecurity for any Internet site if necessary, or to switch on a detection mode, so all activity shall be recorded, but the firewall shall not take any real action. You shall be able to view comprehensive logs via your Hepsia CP including the IP address where the attack originated from, what the attacker planned to do and how ModSecurity handled the threat. As we take the protection of our customers' sites very seriously, we use a set of commercial rules that we get from one of the top firms that maintain this type of rules. Our admins also include custom rules to ensure that your sites shall be protected against as many threats as possible.
ModSecurity in Semi-dedicated Hosting
Any web app which you install within your new semi-dedicated hosting account will be protected by ModSecurity as the firewall comes with all our hosting solutions and is turned on by default for any domain and subdomain which you include or create using your Hepsia hosting Control Panel. You shall be able to manage ModSecurity via a dedicated area inside Hepsia where not simply can you activate or deactivate it entirely, but you could also enable a passive mode, so the firewall will not block anything, but it'll still maintain a record of possible attacks. This takes just a click and you will be able to look at the logs regardless if ModSecurity is in active or passive mode through the same section - what the attack was and where it originated from, how it was handled, etcetera. The firewall uses 2 sets of rules on our servers - a commercial one which we get from a third-party web security firm and a custom one which our administrators update personally in order to respond to newly discovered risks immediately.
ModSecurity in Dedicated Servers Hosting
All of our dedicated servers that are set up with the Hepsia hosting Control Panel include ModSecurity, so any app you upload or set up shall be properly secured from the very beginning and you will not need to stress about common attacks or vulnerabilities. An independent section inside Hepsia will enable you to start or stop the firewall for each and every domain or subdomain, or turn on a detection mode so that it records information regarding intrusions, but does not take actions to prevent them. What you shall find in the logs shall enable you to to secure your sites better - the IP address an attack came from, what site was attacked and in what way, what ModSecurity rule was triggered, and so on. With this info, you can see if a website needs an update, if you ought to block IPs from accessing your server, and so on. In addition to the third-party commercial security rules for ModSecurity that we use, our administrators include custom ones too if they come across a new threat which is not yet in the commercial bundle.