ModSecurity
Learn what ModSecurity is, how it functions and just what it does so as to protect your websites and applications.
ModSecurity is a highly effective web application layer firewall for Apache web servers. It monitors the whole HTTP traffic to a website without affecting its operation and when it detects an intrusion attempt, it prevents it. The firewall furthermore keeps a more comprehensive log for the traffic than any web server does, so you'll be able to keep an eye on what's happening with your Internet sites a lot better than if you rely only on standard logs. ModSecurity uses security rules based on which it helps prevent attacks. For instance, it recognizes if somebody is attempting to log in to the admin area of a certain script several times or if a request is sent to execute a file with a particular command. In these circumstances these attempts set off the corresponding rules and the firewall software blocks the attempts in real time, and then records in-depth details about them within its logs. ModSecurity is one of the very best software firewalls out there and it could easily protect your web applications against many threats and vulnerabilities, particularly if you don’t update them or their plugins often.
-
ModSecurity in Shared Website Hosting
We offer ModSecurity with all
shared website hosting packages, so your Internet apps will be shielded from destructive attacks. The firewall is turned on as standard for all domains and subdomains, but if you would like, you shall be able to stop it through the respective section of your Hepsia CP. You could also switch on a detection mode, so ModSecurity shall keep a log as intended, but won't take any action. The logs which you will find within Hepsia are incredibly detailed and include info about the nature of any attack, when it transpired and from what IP address, the firewall rule which was triggered, etcetera. We employ a group of commercial rules that are regularly updated, but sometimes our administrators include custom rules as well in order to better protect the sites hosted on our servers.
-
ModSecurity in Semi-dedicated Servers
We've incorporated ModSecurity as a standard in all
semi-dedicated server plans, so your web apps will be protected whenever you install them under any domain or subdomain. The Hepsia Control Panel that comes with the semi-dedicated accounts will permit you to switch on or turn off the firewall for any Internet site with a click. You will also be able to turn on a passive detection mode in which ModSecurity will keep a log of potential attacks without really preventing them. The detailed logs contain the nature of the attack and what ModSecurity response this attack generated, where it came from, etcetera. The list of rules we employ is frequently updated as to match any new threats that may appear on the Internet and it comes with both commercial rules that we get from a security business and custom-written ones which our administrators include in case they discover a threat that is not present in the commercial list yet.
-
ModSecurity in VPS Servers
ModSecurity is pre-installed on all
VPS servers which are provided with the Hepsia hosting Control Panel, so your web programs will be protected from the instant your server is ready. The firewall is turned on by default for any domain or subdomain on the VPS, but if required, you could deactivate it with a click via the corresponding section of Hepsia. You could also set it to operate in detection mode, so it will keep an extensive log of any possible attacks without taking any action to stop them. The logs are available within the very same section and provide information regarding the nature of the attack, what IP address it came from and what ModSecurity rule was initiated to stop it. For best security, we employ not simply commercial rules from a firm working in the field of web security, but also custom ones our administrators add personally in order to respond to new risks which are still not dealt with in the commercial rules.
-
ModSecurity in Dedicated Servers
All of our
dedicated servers which are set up with the Hepsia hosting Control Panel include ModSecurity, so any application which you upload or set up shall be properly secured from the very beginning and you won't need to bother about common attacks or vulnerabilities. An independent section inside Hepsia will allow you to start or stop the firewall for each domain or subdomain, or activate a detection mode so that it records information regarding intrusions, but does not take actions to prevent them. What you shall see in the logs can help you to secure your websites better - the IP an attack came from, what website was attacked and how, what ModSecurity rule was triggered, and so forth. With this info, you'll be able to see if a website needs an update, if you should block IPs from accessing your hosting server, and so forth. In addition to the third-party commercial security rules for ModSecurity that we use, our admins include custom ones too whenever they discover a new threat that is not yet included in the commercial bundle.