ModSecurity is a powerful firewall for Apache web servers that is used to prevent attacks against web applications. It monitors the HTTP traffic to a given website in real time and blocks intrusion attempts the moment it detects them. The firewall relies on a set of rules to do this: for instance, several unsuccessful attempts to log in to a script's admin area trigger one rule, a request to execute a specific file that could result in access to the website triggers a different rule, and so on. ModSecurity is among the best firewalls available on the market, and it will protect even scripts that are not updated often, as it can prevent attackers from using known exploits and security holes. Very comprehensive data about every single intrusion attempt is recorded, and the logs the firewall maintains are a lot more specific than the standard logs generated by the Apache server, so you can review them later and decide whether you need to take additional measures to enhance the security of your script-driven sites.

ModSecurity in Semi-dedicated Servers

ModSecurity is part of our semi-dedicated server packages, and if you decide to host your sites with us, there is nothing special you will have to do, since the firewall is switched on by default for all domains and subdomains that you add via your hosting Control Panel. If necessary, you can disable ModSecurity for a particular website or enable the so-called detection mode, in which case the firewall will still function and record information but will not do anything to prevent possible attacks on your sites. Detailed logs are accessible in your Control Panel, where you can see what kinds of attacks happened, which security rules were triggered, how the firewall addressed the threats, which IP addresses the attacks originated from, etc. We employ 2 sorts of rules on our servers: commercial ones from a business that operates in the field of web security, and custom ones that our administrators sometimes add to respond promptly to newly identified threats.

ModSecurity in VPS Servers

ModSecurity comes with all Hepsia-based VPS servers that we offer, and it is turned on automatically for any new domain or subdomain that you add on the machine. That way, any web application you install is protected immediately without any manual action on your end. The firewall can be managed through the section of the Control Panel that has the same name. This is the area in which you can switch off ModSecurity or activate its passive mode, in which it will not take any action against threats but will still keep a detailed log. The recorded data is available in the same area as well, and you can see which IPs any attacks originated from so that you can block them, what the nature of the attempted attacks was, and which security rules ModSecurity responded under. The rules we employ on our servers are a mix of commercial ones we obtain from a security organization and custom ones that are added by our administrators to optimize the protection of any web applications hosted on our end.

ModSecurity in Dedicated Servers

ModSecurity is provided by default with all dedicated servers that are set up with the Hepsia Control Panel and is set to “Active” automatically for any domain that you host or subdomain you create on the web server. If a web app does not function properly, you can either switch off the firewall or set it to work in passive mode. The latter means that ModSecurity will keep a log of any possible attack that takes place but will not take any action to prevent it. The logs generated in passive or active mode give you more details about the exact file that was attacked, the nature of the attack, the IP it came from, and so forth. This information will allow you to decide what steps to take to increase the security of your websites, such as blocking IPs or carrying out script and plugin updates. The ModSecurity rules we employ are updated often with a commercial package from a third-party security enterprise we work with, but sometimes our administrators add their own rules as well when they identify a new potential threat.