ModSecurity is a plugin for Apache web servers which functions as a web app layer firewall. It's employed to stop attacks toward script-driven sites by employing security rules which contain particular expressions. That way, the firewall can prevent hacking and spamming attempts and preserve even websites which are not updated on a regular basis. For example, multiple failed login attempts to a script administrative area or attempts to execute a certain file with the objective to get access to the script will trigger specific rules, so ModSecurity will block these activities the moment it detects them. The firewall is incredibly efficient because it tracks the entire HTTP traffic to an Internet site in real time without slowing it down, so it can easily prevent an attack before any harm is done. It furthermore keeps an exceptionally thorough log of all attack attempts which contains more information than traditional Apache logs, so you can later check out the data and take further measures to increase the security of your Internet sites if necessary.
ModSecurity in Shared Hosting
ModSecurity comes by default with all shared hosting plans that we offer and it shall be switched on automatically for any domain or subdomain you add/create within your Hepsia hosting CP. The firewall has 3 different modes, so you can activate and deactivate it with only a click or set it to detection mode, so it shall maintain a log of all attacks, but it shall not do anything to stop them. The log for any of your Internet sites shall include detailed information which includes the nature of the attack, where it came from, what action was taken by ModSecurity, etc. The firewall rules which we use are constantly updated and incorporate both commercial ones which we get from a third-party security company and custom ones that our system administrators include in case that they detect a new kind of attacks. This way, the Internet sites which you host here shall be way more protected without any action required on your end.
ModSecurity in Semi-dedicated Servers
Any web program you set up within your new semi-dedicated server account will be protected by ModSecurity as the firewall is included with all our hosting solutions and is switched on by default for any domain and subdomain which you include or create through your Hepsia hosting Control Panel. You will be able to manage ModSecurity via a dedicated section in Hepsia where not simply could you activate or deactivate it fully, but you could also enable a passive mode, so the firewall won't stop anything, but it shall still maintain an archive of possible attacks. This requires simply a click and you'll be able to view the logs no matter if ModSecurity is in passive or active mode through the same section - what the attack was and where it originated from, how it was addressed, etc. The firewall uses 2 sets of rules on our machines - a commercial one that we get from a third-party web security company and a custom one which our administrators update personally in order to respond to newly discovered risks as fast as possible.
ModSecurity in Dedicated Servers
ModSecurity is available by default with all dedicated servers that are set up with the Hepsia Control Panel and is set to “Active” automatically for any domain that you host or subdomain you create on the hosting server. In the event that a web application does not function properly, you can either disable the firewall or set it to function in passive mode. The latter means that ModSecurity shall keep a log of any possible attack which might take place, but shall not take any action to prevent it. The logs produced in passive or active mode shall offer you more details about the exact file which was attacked, the type of the attack and the IP address it originated from, etcetera. This data will permit you to determine what actions you can take to improve the security of your Internet sites, including blocking IPs or carrying out script and plugin updates. The ModSecurity rules which we use are updated frequently with a commercial package from a third-party security company we work with, but occasionally our admins add their own rules as well in case they come across a new potential threat.