ModSecurity
Find out what ModSecurity actually is, the way it works and what precisely it can do to protect your sites and applications.
ModSecurity is a plugin for Apache web servers which functions as a web application layer firewall. It is used to stop attacks against script-driven Internet sites by using security rules that contain specific expressions. This way, the firewall can stop hacking and spamming attempts and protect even Internet sites which aren't updated frequently. For instance, numerous unsuccessful login attempts to a script administrator area or attempts to execute a specific file with the intention to get access to the script shall trigger particular rules, so ModSecurity will block these activities the minute it identifies them. The firewall is incredibly efficient since it monitors the entire HTTP traffic to a site in real time without slowing it down, so it can easily prevent an attack before any damage is done. It also maintains a very thorough log of all attack attempts that includes more information than typical Apache logs, so you can later analyze the data and take further measures to enhance the security of your websites if needed.
-
ModSecurity in Web Hosting
ModSecurity is available with every single
web hosting solution that we provide and it's turned on by default for any domain or subdomain which you add via your Hepsia CP. In case it disrupts any of your programs or you'd like to disable it for any reason, you shall be able to do this through the ModSecurity section of Hepsia with just a mouse click. You may also use a passive mode, so the firewall will recognize possible attacks and keep a log, but will not take any action. You'll be able to see detailed logs in the very same section, including the IP address where the attack came from, what exactly the attacker aimed to do and at what time, what ModSecurity did, and so forth. For max safety of our customers we use a set of commercial firewall rules combined with custom ones which are added by our system admins.
-
ModSecurity in Semi-dedicated Servers
ModSecurity is part of our
semi-dedicated server solutions and if you opt to host your sites with us, there will not be anything special you'll have to do since the firewall is activated by default for all domains and subdomains that you include through your hosting CP. If required, you can disable ModSecurity for a given Internet site or enable the so-called detection mode in which case the firewall shall still operate and record information, but will not do anything to stop possible attacks on your Internet sites. Detailed logs will be available within your Control Panel and you shall be able to see what type of attacks occurred, what security rules were triggered and how the firewall dealt with the threats, what Internet protocol addresses the attacks came from, etcetera. We employ two types of rules on our servers - commercial ones from a firm that operates in the field of web security, and customized ones that our administrators occasionally add to respond to newly discovered risks on time.
-
ModSecurity in VPS Servers
Protection is very important to us, so we set up ModSecurity on all
VPS servers that are provided with the Hepsia CP as a standard. The firewall could be managed via a dedicated section in Hepsia and is turned on automatically when you include a new domain or generate a subdomain, so you will not need to do anything manually. You will also be able to disable it or turn on the so-called detection mode, so it shall maintain a log of potential attacks you can later examine, but will not stop them. The logs in both passive and active modes contain details about the form of the attack and how it was prevented, what IP it originated from and other important data which may help you to tighten the security of your Internet sites by updating them or blocking IPs, for example. Besides the commercial rules we get for ModSecurity from a third-party security company, we also implement our own rules since from time to time we discover specific attacks that are not yet present within the commercial pack. This way, we can easily improve the security of your Virtual private server immediately rather than waiting for a certified update.
-
ModSecurity in Dedicated Servers
ModSecurity is included with all
dedicated servers which are set up with our Hepsia Control Panel and you will not need to do anything specific on your end to employ it as it's activated by default whenever you add a new domain or subdomain on your hosting server. If it disrupts any of your apps, you'll be able to stop it through the respective area of Hepsia, or you may leave it operating in passive mode, so it will identify attacks and shall still keep a log for them, but won't stop them. You could look at the logs later to determine what you can do to increase the protection of your websites since you will find details such as where an intrusion attempt originated from, what website was attacked and based on what rule ModSecurity responded, etcetera. The rules that we employ are commercial, therefore they are frequently updated by a security provider, but to be on the safe side, our staff also add custom rules from time to time in order to react to any new threats they have discovered.