ModSecurity is an efficient web application firewall for Apache web servers, used to prevent attacks against web applications. It monitors the HTTP traffic to a given website in real time and stops intrusion attempts as soon as it detects them. The firewall relies on a set of rules to do that. For example, several unsuccessful attempts to log in to a script administration area trigger one rule, a request to execute a specific file that could result in access to the site triggers a different rule, and so on. ModSecurity is one of the best firewalls available on the market and it will protect even scripts that aren't updated often, because it can prevent attackers from employing known exploits and security holes. Very thorough information about each intrusion attempt is recorded, and the logs the firewall maintains are considerably more comprehensive than the regular logs generated by the Apache server, so you can examine them later and determine whether you need to take further measures to enhance the security of your script-driven websites.
ModSecurity in Semi-dedicated Servers
Any web application you set up within your new semi-dedicated server account will be protected by ModSecurity, as the firewall comes with all our hosting solutions and is activated by default for any domain and subdomain that you add or create through your Hepsia hosting Control Panel. You can manage ModSecurity through a dedicated area in Hepsia, where you can not only activate or deactivate it entirely, but also switch on a passive mode, in which the firewall will not stop anything but will still keep a record of possible attacks. This takes just a click, and whether ModSecurity is in active or passive mode, you can view the logs through the same section: what the attack was, where it originated from, how it was addressed, and so on. The firewall employs two groups of rules on our machines: a commercial one which we get from a third-party web security firm, and a custom one that our administrators update personally in order to respond to recently discovered threats as fast as possible.
ModSecurity in VPS Servers
ModSecurity is pre-installed on all VPS servers which are offered with the Hepsia hosting Control Panel, so your web apps will be protected from the instant your server is ready. The firewall is activated by default for any domain or subdomain on the VPS, but if required, you can disable it with a click from the corresponding section of Hepsia. You can also set it to operate in detection mode, in which it keeps an extensive log of any potential attacks without taking any action to stop them. The logs are available in the very same section and include details about the nature of the attack, the IP address it originated from and the ModSecurity rule that was triggered to stop it. For optimum security, we use not only commercial rules from a business operating in the field of web security, but also custom ones which our administrators add manually in order to respond to new threats that the commercial rules do not yet cover.
ModSecurity in Dedicated Servers
ModSecurity is provided by default with all dedicated servers that are set up with the Hepsia Control Panel and is set to “Active” automatically for any domain that you host or subdomain that you create on the server. If a web application doesn't function properly, you can either switch off the firewall or set it to function in passive mode. The latter means that ModSecurity will keep a log of any potential attack that takes place, but will not take any action to prevent it. The logs generated in active or passive mode will give you more details about the exact file which was attacked, the type of the attack and the IP it came from, etc. This information will enable you to determine what actions you can take to boost the protection of your websites, such as blocking IPs or carrying out script and plugin updates. The ModSecurity rules that we use are updated regularly with a commercial bundle from a third-party security company we work with, and our admins sometimes add their own rules as well when they identify a new potential threat.