ModSecurity is an efficient firewall for Apache web servers that's employed to prevent attacks against web apps. It monitors the HTTP traffic to a given website in real time and blocks any intrusion attempts as soon as it detects them. The firewall relies on a set of rules to do that - as an illustration, attempting to log in to a script administrator area without success many times activates one rule, sending a request to execute a certain file which could result in accessing the website triggers a different rule, and so forth. ModSecurity is amongst the best firewalls on the market and it will secure even scripts that aren't updated regularly as it can prevent attackers from employing known exploits and security holes. Quite comprehensive info about every intrusion attempt is recorded and the logs the firewall maintains are much more comprehensive than the regular logs created by the Apache server, so you may later analyze them and determine if you need to take extra measures in order to improve the protection of your script-driven Internet sites.

ModSecurity in Shared Hosting

We provide ModSecurity with all shared hosting packages, so your web applications shall be resistant to harmful attacks. The firewall is switched on as standard for all domains and subdomains, but if you would like, you shall be able to stop it using the respective section of your Hepsia CP. You could also activate a detection mode, so ModSecurity shall keep a log as intended, but will not take any action. The logs which you will find inside Hepsia are quite detailed and include info about the nature of any attack, when it occurred and from what IP address, the firewall rule that was triggered, and so on. We use a set of commercial rules that are regularly updated, but sometimes our admins add custom rules as well in order to efficiently protect the websites hosted on our servers.

ModSecurity in Dedicated Hosting

ModSecurity is provided by default with all dedicated servers that are set up with the Hepsia Control Panel and is set to “Active” automatically for any domain which you host or subdomain that you create on the server. Just in case that a web app does not work correctly, you may either disable the firewall or set it to operate in passive mode. The second means that ModSecurity will keep a log of any possible attack that could take place, but will not take any action to stop it. The logs produced in active or passive mode will offer you more details about the exact file which was attacked, the form of the attack and the IP it came from, etc. This data shall allow you to determine what measures you can take to enhance the security of your sites, such as blocking IPs or performing script and plugin updates. The ModSecurity rules that we use are updated regularly with a commercial pack from a third-party security provider we work with, but sometimes our administrators include their own rules too in case they identify a new potential threat.