ModSecurity
Learn what ModSecurity is, how it functions and just what it does in order to protect your Internet sites and applications.
ModSecurity is an efficient firewall for Apache web servers that is employed to prevent attacks toward web apps. It monitors the HTTP traffic to a particular Internet site in real time and stops any intrusion attempts the moment it detects them. The firewall relies on a set of rules to do this - as an illustration, attempting to log in to a script administration area unsuccessfully many times sets off one rule, sending a request to execute a certain file which could result in gaining access to the website triggers a different rule, etcetera. ModSecurity is one of the best firewalls around and it'll preserve even scripts which aren't updated on a regular basis because it can prevent attackers from using known exploits and security holes. Very comprehensive info about every single intrusion attempt is recorded and the logs the firewall keeps are a lot more detailed than the standard logs generated by the Apache server, so you may later take a look at them and decide if you need to take extra measures in order to improve the security of your script-driven websites.
-
ModSecurity in Shared Website Hosting
ModSecurity can be found with every
shared website hosting solution that we offer and it's activated by default for any domain or subdomain that you add through your Hepsia Control Panel. In case it interferes with any of your programs or you would like to disable it for whatever reason, you'll be able to do this through the ModSecurity section of Hepsia with simply a click. You may also enable a passive mode, so the firewall will detect possible attacks and keep a log, but will not take any action. You could see detailed logs in the exact same section, including the IP where the attack came from, what exactly the attacker attempted to do and at what time, what ModSecurity did, and so on. For maximum safety of our customers we use a set of commercial firewall rules blended with custom ones that are provided by our system administrators.
-
ModSecurity in Semi-dedicated Servers
Any web application that you set up inside your new
semi-dedicated server account shall be protected by ModSecurity since the firewall comes with all our hosting packages and is switched on by default for any domain and subdomain you add or create via your Hepsia hosting CP. You shall be able to manage ModSecurity via a dedicated area inside Hepsia where not only can you activate or deactivate it completely, but you could also enable a passive mode, so the firewall won't stop anything, but it'll still maintain an archive of potential attacks. This takes just a click and you'll be able to see the logs regardless if ModSecurity is in active or passive mode through the same section - what the attack was and where it originated from, how it was addressed, and so forth. The firewall employs 2 groups of rules on our machines - a commercial one which we get from a third-party web security provider and a custom one that our admins update personally as to respond to newly discovered threats immediately.
-
ModSecurity in VPS Servers
ModSecurity is provided with all Hepsia-based
VPS servers which we offer and it will be switched on automatically for any new domain or subdomain you add on the machine. In this way, any web app which you install will be protected from the very beginning without doing anything personally on your end. The firewall could be managed through the section of the Control Panel that has the same name. This is the area in whichyou'll be able to turn off ModSecurity or let its passive mode, so it will not take any action toward threats, but shall still maintain a thorough log. The recorded data is available inside the same area as well and you shall be able to see what IPs any attacks originated from to enable you to stop them, what the nature of the attempted attacks was and in accordance with what security rules ModSecurity responded. The rules we use on our servers are a mixture between commercial ones we get from a security company and custom ones that are included by our administrators to enhance the security of any web applications hosted on our end.
-
ModSecurity in Dedicated Servers
ModSecurity is available as standard with all
dedicated servers that are set up with the Hepsia Control Panel and is set to “Active” automatically for any domain you host or subdomain you create on the web server. Just in case that a web app does not function properly, you may either disable the firewall or set it to operate in passive mode. The latter means that ModSecurity shall keep a log of any possible attack which could happen, but will not take any action to stop it. The logs produced in active or passive mode shall present you with additional details about the exact file that was attacked, the nature of the attack and the IP it originated from, and so forth. This data will enable you to determine what measures you can take to boost the security of your sites, such as blocking IPs or carrying out script and plugin updates. The ModSecurity rules that we use are updated regularly with a commercial pack from a third-party security firm we work with, but from time to time our staff add their own rules too in the event that they discover a new potential threat.