Discover what ModSecurity is, how it works and what exactly it does to protect your web sites and apps.
ModSecurity is a plugin for Apache web servers which acts as a web app layer firewall. It's employed to prevent attacks against script-driven websites through the use of security rules that contain specific expressions. In this way, the firewall can prevent hacking and spamming attempts and preserve even Internet sites which are not updated on a regular basis. For instance, a number of failed login attempts to a script administrator area or attempts to execute a certain file with the intention to get access to the script shall trigger particular rules, so ModSecurity shall stop these activities the moment it identifies them. The firewall is incredibly efficient as it tracks the entire HTTP traffic to a website in real time without slowing it down, so it will be able to stop an attack before any damage is done. It additionally keeps an exceptionally detailed log of all attack attempts that includes more information than traditional Apache logs, so you can later examine the data and take additional measures to improve the security of your Internet sites if required.
ModSecurity in Hosting
ModSecurity comes standard with all hosting
packages that we offer and it will be activated automatically for any domain or subdomain that you add/create within your Hepsia hosting CP. The firewall has three different modes, so you'll be able to switch on and disable it with a click or set it to detection mode, so it shall maintain a log of all attacks, but it'll not do anything to stop them. The log for each of your websites will contain comprehensive information which includes the nature of the attack, where it originated from, what action was taken by ModSecurity, etcetera. The firewall rules which we use are constantly updated and consist of both commercial ones which we get from a third-party security business and custom ones which our system administrators include in the event that they detect a new sort of attacks. This way, the sites that you host here shall be way more protected without any action expected on your end.
ModSecurity in VPS
Security is very important to us, so we set up ModSecurity on all virtual private servers
that are provided with the Hepsia Control Panel as a standard. The firewall can be managed via a dedicated section in Hepsia and is switched on automatically when you include a new domain or generate a subdomain, so you'll not need to do anything by hand. You will also be able to disable it or turn on the so-called detection mode, so it'll keep a log of possible attacks which you can later analyze, but shall not prevent them. The logs in both passive and active modes include information regarding the type of the attack and how it was prevented, what IP address it originated from and other important information that might help you to tighten the security of your sites by updating them or blocking IPs, for example. In addition to the commercial rules which we get for ModSecurity from a third-party security company, we also use our own rules since from time to time we find specific attacks that are not yet present inside the commercial pack. That way, we can increase the security of your VPS promptly instead of awaiting an official update.
ModSecurity in Dedicated Hosting
ModSecurity is offered by default with all dedicated servers
which are set up with the Hepsia Control Panel and is set to “Active” automatically for any domain which you host or subdomain you create on the server. In the event that a web app does not work correctly, you may either disable the firewall or set it to function in passive mode. The second means that ModSecurity shall maintain a log of any potential attack which may take place, but will not take any action to prevent it. The logs created in passive or active mode will provide you with more details about the exact file which was attacked, the nature of the attack and the IP address it came from, etcetera. This information shall allow you to choose what steps you can take to enhance the security of your Internet sites, for instance blocking IPs or performing script and plugin updates. The ModSecurity rules which we employ are updated frequently with a commercial bundle from a third-party security company we work with, but sometimes our administrators add their own rules too in case they identify a new potential threat.