ModSecurity is a potent web app layer firewall for Apache web servers. It monitors the whole HTTP traffic to an Internet site without affecting its functionality and when it detects an intrusion attempt, it blocks it. The firewall additionally keeps a more detailed log for the website visitors than any server does, so you shall manage to monitor what is happening with your websites much better than if you rely merely on standard logs. ModSecurity uses security rules based on which it prevents attacks. For instance, it identifies whether anyone is trying to log in to the admin area of a certain script multiple times or if a request is sent to execute a file with a specific command. In such circumstances these attempts set off the corresponding rules and the firewall software hinders the attempts in real time, and then records in-depth info about them inside its logs. ModSecurity is amongst the most effective software firewalls available and it can easily protect your web apps against many threats and vulnerabilities, particularly if you don’t update them or their plugins often.
ModSecurity in Hosting
ModSecurity comes standard with all hosting packages that we provide and it will be switched on automatically for any domain or subdomain you add/create within your Hepsia hosting Control Panel. The firewall has 3 different modes, so you'll be able to switch on and deactivate it with just a mouse click or set it to detection mode, so it will maintain a log of all attacks, but it will not do anything to prevent them. The log for any of your sites shall include in-depth information such as the nature of the attack, where it came from, what action was taken by ModSecurity, and so on. The firewall rules we use are regularly updated and comprise of both commercial ones we get from a third-party security firm and custom ones that our system admins include in case that they detect a new type of attacks. That way, the websites you host here will be far more protected with no action needed on your end.
ModSecurity in Dedicated Servers
ModSecurity is offered by default with all dedicated servers which are set up with the Hepsia CP and is set to “Active” automatically for any domain that you host or subdomain that you create on the web server. Just in case that a web app doesn't work adequately, you could either turn off the firewall or set it to function in passive mode. The latter means that ModSecurity will maintain a log of any potential attack which might happen, but shall not take any action to prevent it. The logs generated in active or passive mode shall give you more details about the exact file which was attacked, the form of the attack and the IP address it originated from, and so forth. This info will enable you to decide what actions you can take to boost the security of your Internet sites, including blocking IPs or performing script and plugin updates. The ModSecurity rules that we employ are updated often with a commercial package from a third-party security provider we work with, but from time to time our administrators include their own rules also in case they identify a new potential threat.