ModSecurity is a highly effective firewall for Apache web servers that is used to stop attacks towards web apps. It tracks the HTTP traffic to a given site in real time and blocks any intrusion attempts the moment it identifies them. The firewall relies on a set of rules to do that - as an example, attempting to log in to a script administration area unsuccessfully a few times sets off one rule, sending a request to execute a specific file that may result in getting access to the site triggers a different rule, etcetera. ModSecurity is amongst the best firewalls available on the market and it will preserve even scripts that aren't updated on a regular basis because it can prevent attackers from employing known exploits and security holes. Very detailed data about every single intrusion attempt is recorded and the logs the firewall maintains are far more detailed than the regular logs provided by the Apache server, so you can later analyze them and decide whether you need to take extra measures in order to improve the security of your script-driven sites.
ModSecurity in Cloud Hosting
ModSecurity is supplied with all cloud hosting servers, so when you choose to host your Internet sites with our firm, they'll be protected against a wide array of attacks. The firewall is enabled as standard for all domains and subdomains, so there shall be nothing you will have to do on your end. You'll be able to stop ModSecurity for any website if needed, or to activate a detection mode, so that all activity will be recorded, but the firewall will not take any real action. You shall be able to view comprehensive logs through your Hepsia Control Panel including the IP where the attack originated from, what the attacker wanted to do and how ModSecurity handled the threat. Since we take the safety of our customers' websites very seriously, we use a group of commercial rules that we take from one of the best companies which maintain this sort of rules. Our admins also add custom rules to make sure that your sites will be shielded from as many risks as possible.
ModSecurity in Semi-dedicated Servers
We've included ModSecurity by default in all semi-dedicated server plans, so your web applications will be protected as soon as you set them up under any domain or subdomain. The Hepsia Control Panel which is included with the semi-dedicated accounts will allow you to switch on or turn off the firewall for any website with a click. You shall also have the ability to activate a passive detection mode with which ModSecurity shall maintain a log of possible attacks without actually stopping them. The detailed logs contain the nature of the attack and what ModSecurity response that attack activated, where it came from, and so forth. The list of rules that we use is frequently updated as to match any new risks that might appear on the Internet and it features both commercial rules that we get from a security company and custom-written ones which our admins add in the event that they find a threat which is not present within the commercial list yet.
ModSecurity in VPS Servers
ModSecurity is provided with all Hepsia-based VPS servers which we offer and it'll be activated automatically for every new domain or subdomain you add on the web server. This way, any web application that you install shall be secured immediately without doing anything manually on your end. The firewall could be managed through the section of the CP which has the same name. This is the location in whichyou could turn off ModSecurity or let its passive mode, so it shall not take any action against threats, but will still keep a comprehensive log. The recorded information is available within the same section as well and you shall be able to see what IPs any attacks came from so that you can stop them, what the nature of the attempted attacks was and based on what security rules ModSecurity responded. The rules which we employ on our servers are a combination between commercial ones that we obtain from a security organization and custom ones that are added by our administrators to improve the security of any web applications hosted on our end.
ModSecurity in Dedicated Servers
All of our dedicated servers which are set up with the Hepsia hosting CP include ModSecurity, so any program you upload or install shall be secured from the very beginning and you will not need to concern yourself with common attacks or vulnerabilities. A separate section within Hepsia will enable you to start or stop the firewall for each domain or subdomain, or turn on a detection mode so that it records information about intrusions, but doesn't take actions to prevent them. What you shall see in the logs can enable you to to secure your sites better - the IP an attack originated from, what site was attacked and how, what ModSecurity rule was triggered, and so on. With this data, you can see whether a website needs an update, if you need to block IPs from accessing your hosting server, etc. Besides the third-party commercial security rules for ModSecurity which we use, our admins include custom ones too whenever they find a new threat which is not yet in the commercial bundle.