ModSecurity is a powerful firewall for Apache web servers that is used to stop attacks towards web apps. It keeps track of the HTTP traffic to a certain website in real time and prevents any intrusion attempts the instant it discovers them. The firewall relies on a set of rules to do this - as an illustration, attempting to log in to a script admin area without success a few times sets off one rule, sending a request to execute a certain file which may result in gaining access to the website triggers a different rule, and so on. ModSecurity is amongst the best firewalls available on the market and it will secure even scripts that are not updated regularly as it can prevent attackers from employing known exploits and security holes. Very comprehensive information about each and every intrusion attempt is recorded and the logs the firewall maintains are a lot more specific than the standard logs created by the Apache server, so you may later take a look at them and decide whether you need to take more measures so as to increase the protection of your script-driven Internet sites.
ModSecurity in Shared Web Hosting
ModSecurity can be found with each and every shared web hosting package that we provide and it is turned on by default for any domain or subdomain which you add through your Hepsia CP. In case it disrupts any of your apps or you would like to disable it for some reason, you shall be able to accomplish that through the ModSecurity area of Hepsia with just a click. You could also activate a passive mode, so the firewall will detect possible attacks and maintain a log, but won't take any action. You can see detailed logs in the very same section, including the IP where the attack came from, what exactly the attacker aimed to do and at what time, what ModSecurity did, etcetera. For optimum protection of our customers we use a set of commercial firewall rules blended with custom ones that are provided by our system administrators.
ModSecurity in Dedicated Web Hosting
ModSecurity is offered by default with all dedicated servers which are set up with the Hepsia CP and is set to “Active” automatically for any domain that you host or subdomain which you create on the server. Just in case that a web app doesn't work adequately, you can either disable the firewall or set it to function in passive mode. The second means that ModSecurity will keep a log of any possible attack which could occur, but shall not take any action to stop it. The logs produced in active or passive mode will offer you additional details about the exact file which was attacked, the type of the attack and the IP address it came from, and so on. This information will allow you to choose what steps you can take to improve the security of your sites, for instance blocking IPs or carrying out script and plugin updates. The ModSecurity rules that we employ are updated often with a commercial package from a third-party security enterprise we work with, but sometimes our staff include their own rules too in the event that they find a new potential threat.