ModSecurity is a potent web application layer firewall for Apache web servers. It monitors the entire HTTP traffic to a website without affecting its performance and when it discovers an intrusion attempt, it blocks it. The firewall also keeps a more comprehensive log for the traffic than any web server does, so you'll be able to monitor what is happening with your sites much better than if you rely only on standard logs. ModSecurity works with security rules based on which it stops attacks. For instance, it identifies if someone is attempting to log in to the administration area of a specific script multiple times or if a request is sent to execute a file with a certain command. In these circumstances these attempts set off the corresponding rules and the firewall software hinders the attempts immediately, then records detailed details about them within its logs. ModSecurity is amongst the most effective software firewalls out there and it can easily protect your web apps against many threats and vulnerabilities, especially if you don’t update them or their plugins frequently.
ModSecurity in Shared Web Hosting
ModSecurity is available on all shared web hosting machines, so when you opt to host your sites with our company, they shall be protected against a wide range of attacks. The firewall is enabled as standard for all domains and subdomains, so there shall be nothing you will have to do on your end. You'll be able to stop ModSecurity for any website if needed, or to activate a detection mode, so that all activity will be recorded, but the firewall won't take any real action. You shall be able to view specific logs using your Hepsia Control Panel including the IP address where the attack came from, what the attacker wanted to do and how ModSecurity dealt with the threat. As we take the security of our customers' websites very seriously, we employ a selection of commercial rules which we get from one of the leading firms that maintain this sort of rules. Our admins also include custom rules to make sure that your sites shall be resistant to as many risks as possible.
ModSecurity in Dedicated Servers
ModSecurity is provided by default with all dedicated servers that are set up with the Hepsia Control Panel and is set to “Active” automatically for any domain which you host or subdomain that you create on the server. In case that a web application doesn't function adequately, you could either disable the firewall or set it to operate in passive mode. The latter means that ModSecurity shall keep a log of any potential attack that might take place, but will not take any action to prevent it. The logs produced in passive or active mode shall present you with more details about the exact file which was attacked, the form of the attack and the IP it originated from, and so on. This information shall allow you to determine what actions you can take to boost the protection of your websites, including blocking IPs or carrying out script and plugin updates. The ModSecurity rules that we employ are updated frequently with a commercial bundle from a third-party security company we work with, but from time to time our administrators add their own rules as well when they identify a new potential threat.