ModSecurity is a plugin for Apache web servers which acts as a web app layer firewall. It is employed to prevent attacks toward script-driven websites by employing security rules which contain particular expressions. This way, the firewall can stop hacking and spamming attempts and preserve even websites that aren't updated frequently. For example, several unsuccessful login attempts to a script administrative area or attempts to execute a specific file with the purpose to get access to the script will trigger certain rules, so ModSecurity shall block out these activities the minute it discovers them. The firewall is quite efficient as it tracks the entire HTTP traffic to a website in real time without slowing it down, so it can easily stop an attack before any harm is done. It furthermore maintains an incredibly thorough log of all attack attempts which includes more information than standard Apache logs, so you could later examine the data and take further measures to boost the security of your websites if required.
ModSecurity in Cloud Hosting
ModSecurity is available on all cloud hosting machines, so when you opt to host your Internet sites with our organization, they'll be protected against a wide range of attacks. The firewall is turned on by default for all domains and subdomains, so there'll be nothing you'll have to do on your end. You'll be able to stop ModSecurity for any website if needed, or to activate a detection mode, so that all activity shall be recorded, but the firewall shall not take any real action. You'll be able to view detailed logs using your Hepsia Control Panel including the IP address where the attack came from, what the attacker wished to do and how ModSecurity addressed the threat. Since we take the safety of our clients' Internet sites very seriously, we employ a selection of commercial rules which we get from one of the best firms that maintain this kind of rules. Our administrators also add custom rules to make sure that your sites shall be shielded from as many risks as possible.
ModSecurity in Semi-dedicated Hosting
We've integrated ModSecurity by default inside all semi-dedicated hosting products, so your web applications shall be protected the instant you set them up under any domain or subdomain. The Hepsia CP which is included with the semi-dedicated accounts shall permit you to enable or disable the firewall for any Internet site with a click. You will also have the ability to switch on a passive detection mode through which ModSecurity will maintain a log of potential attacks without really preventing them. The thorough logs include the nature of the attack and what ModSecurity response this attack initiated, where it came from, etcetera. The list of rules that we employ is frequently updated as to match any new threats which may appear on the Internet and it features both commercial rules that we get from a security business and custom-written ones that our admins include in the event that they find a threat that is not present inside the commercial list yet.
ModSecurity in VPS Hosting
Protection is extremely important to us, so we set up ModSecurity on all virtual private servers which are set up with the Hepsia CP as a standard. The firewall can be managed through a dedicated section within Hepsia and is switched on automatically when you include a new domain or create a subdomain, so you won't need to do anything by hand. You shall also be able to disable it or switch on the so-called detection mode, so it will maintain a log of possible attacks that you can later study, but won't prevent them. The logs in both passive and active modes include information regarding the kind of the attack and how it was prevented, what IP address it originated from and other useful info that could help you to tighten the security of your sites by updating them or blocking IPs, for instance. Beyond the commercial rules that we get for ModSecurity from a third-party security firm, we also use our own rules since once in a while we identify specific attacks that aren't yet present inside the commercial pack. This way, we could enhance the protection of your VPS right away instead of awaiting a certified update.
ModSecurity in Dedicated Web Hosting
All our dedicated servers that are installed with the Hepsia hosting Control Panel include ModSecurity, so any program you upload or install will be secured from the very beginning and you'll not need to worry about common attacks or vulnerabilities. An independent section inside Hepsia will allow you to start or stop the firewall for each domain or subdomain, or activate a detection mode so that it records details about intrusions, but doesn't take actions to prevent them. What you will discover in the logs can easily enable you to to secure your Internet sites better - the IP an attack came from, what website was attacked and exactly how, what ModSecurity rule was triggered, and so forth. With this data, you can see if a website needs an update, if you need to block IPs from accessing your hosting server, etcetera. In addition to the third-party commercial security rules for ModSecurity which we use, our admins add custom ones too every time they find a new threat which is not yet a part of the commercial bundle.