ModSecurity is an efficient firewall for Apache web servers that's used to prevent attacks toward web applications. It tracks the HTTP traffic to a specific site in real time and blocks any intrusion attempts as soon as it identifies them. The firewall uses a set of rules to do this - as an illustration, attempting to log in to a script admin area unsuccessfully a few times sets off one rule, sending a request to execute a specific file which may result in accessing the site triggers another rule, etc. ModSecurity is one of the best firewalls available and it'll preserve even scripts which aren't updated on a regular basis as it can prevent attackers from employing known exploits and security holes. Incredibly comprehensive info about every single intrusion attempt is recorded and the logs the firewall keeps are far more comprehensive than the regular logs generated by the Apache server, so you could later examine them and determine if you need to take more measures in order to boost the protection of your script-driven websites.

ModSecurity in Semi-dedicated Servers

We have included ModSecurity as a standard within all semi-dedicated server packages, so your web applications will be protected the instant you set them up under any domain or subdomain. The Hepsia Control Panel which comes with the semi-dedicated accounts will allow you to switch on or disable the firewall for any Internet site with a click. You'll also have the ability to turn on a passive detection mode with which ModSecurity shall maintain a log of potential attacks without actually stopping them. The comprehensive logs include things like the nature of the attack and what ModSecurity response this attack triggered, where it originated from, etcetera. The list of rules we employ is frequently updated in order to match any new risks that may appear on the Internet and it consists of both commercial rules that we get from a security firm and custom-written ones which our admins include in the event that they find a threat which is not present inside the commercial list yet.

ModSecurity in VPS Servers

ModSecurity comes with all Hepsia-based VPS servers that we offer and it shall be switched on automatically for every new domain or subdomain that you include on the web server. In this way, any web application you install shall be secured immediately without doing anything personally on your end. The firewall may be handled from the section of the Control Panel that bears the same name. This is the place whereyou'll be able to turn off ModSecurity or let its passive mode, so it shall not take any action against threats, but shall still keep a thorough log. The recorded info is available inside the same area as well and you'll be able to see what IPs any attacks came from to enable you to block them, what the nature of the attempted attacks was and based on what security rules ModSecurity responded. The rules that we employ on our servers are a combination between commercial ones that we obtain from a security firm and custom ones which are included by our staff to maximize the protection of any web applications hosted on our end.

ModSecurity in Dedicated Servers

ModSecurity is included with all dedicated servers that are set up with our Hepsia Control Panel and you will not need to do anything specific on your end to use it since it is switched on by default each time you add a new domain or subdomain on your hosting server. In the event that it interferes with any of your applications, you will be able to stop it through the respective part of Hepsia, or you can leave it operating in passive mode, so it shall detect attacks and shall still maintain a log for them, but shall not stop them. You'll be able to analyze the logs later to learn what you can do to increase the security of your Internet sites as you'll find details such as where an intrusion attempt originated from, what website was attacked and based upon what rule ModSecurity reacted, etc. The rules which we employ are commercial, therefore they're constantly updated by a security firm, but to be on the safe side, our staff also add custom rules occasionally in order to deal with any new threats they have found.