ModSecurity is a plugin for Apache web servers which acts as a web app layer firewall. It's used to stop attacks toward script-driven websites by employing security rules which contain particular expressions. This way, the firewall can stop hacking and spamming attempts and shield even sites which aren't updated frequently. For instance, several failed login attempts to a script admin area or attempts to execute a particular file with the objective to get access to the script shall trigger certain rules, so ModSecurity shall block out these activities the second it identifies them. The firewall is extremely efficient as it tracks the whole HTTP traffic to a website in real time without slowing it down, so it can stop an attack before any harm is done. It additionally maintains an incredibly detailed log of all attack attempts which features more information than conventional Apache logs, so you could later check out the data and take further measures to increase the security of your sites if needed.
ModSecurity in Shared Hosting
ModSecurity is supplied with all shared hosting
web servers, so if you opt to host your Internet sites with our company, they will be protected against an array of attacks. The firewall is enabled as standard for all domains and subdomains, so there shall be nothing you'll have to do on your end. You shall be able to stop ModSecurity for any site if required, or to enable a detection mode, so that all activity will be recorded, but the firewall won't take any real action. You shall be able to view detailed logs from your Hepsia Control Panel including the IP where the attack came from, what the attacker wished to do and how ModSecurity dealt with the threat. As we take the protection of our customers' sites seriously, we employ a selection of commercial rules that we get from one of the top companies which maintain this type of rules. Our admins also include custom rules to ensure that your Internet sites will be protected against as many risks as possible.
ModSecurity in Semi-dedicated Hosting
We have integrated ModSecurity as a standard in all semi-dedicated hosting
products, so your web apps shall be protected whenever you set them up under any domain or subdomain. The Hepsia Control Panel which comes with the semi-dedicated accounts shall permit you to enable or turn off the firewall for any Internet site with a mouse click. You shall also be able to switch on a passive detection mode with which ModSecurity shall maintain a log of possible attacks without really preventing them. The thorough logs include things like the nature of the attack and what ModSecurity response this attack caused, where it originated from, etcetera. The list of rules which we use is regularly updated as to match any new threats that might appear on the Internet and it includes both commercial rules that we get from a security firm and custom-written ones that our admins add if they find a threat which is not present inside the commercial list yet.
ModSecurity in VPS Hosting
ModSecurity is included with all Hepsia-based virtual private servers
which we offer and it'll be turned on automatically for any new domain or subdomain you add on the machine. This way, any web app which you install shall be protected right away without doing anything personally on your end. The firewall can be handled through the section of the Control Panel that has the same name. This is the location whereyou can disable ModSecurity or activate its passive mode, so it will not take any action toward threats, but will still maintain a comprehensive log. The recorded information is available within the same area as well and you shall be able to see what IPs any attacks came from so that you stop them, what the nature of the attempted attacks was and based on what security rules ModSecurity reacted. The rules we use on our servers are a mix between commercial ones we obtain from a security firm and custom ones that are added by our staff to optimize the security of any web applications hosted on our end.
ModSecurity in Dedicated Web Hosting
ModSecurity is included with all dedicated servers
that are integrated with our Hepsia Control Panel and you won't have to do anything specific on your end to employ it because it is switched on by default each time you add a new domain or subdomain on your web server. In the event that it disrupts any of your applications, you'll be able to stop it through the respective area of Hepsia, or you could leave it operating in passive mode, so it shall detect attacks and will still maintain a log for them, but won't block them. You could look at the logs later to determine what you can do to improve the security of your websites as you shall find details such as where an intrusion attempt originated from, what website was attacked and based upon what rule ModSecurity responded, etc. The rules that we use are commercial, therefore they're constantly updated by a security firm, but to be on the safe side, our admins also add custom rules once in a while in order to react to any new threats they have identified.