ModSecurity is a plugin for Apache web servers that acts as a web app layer firewall. It is employed to stop attacks against script-driven Internet sites by using security rules that contain certain expressions. In this way, the firewall can stop hacking and spamming attempts and shield even websites which are not updated frequently. For example, several failed login attempts to a script admin area or attempts to execute a specific file with the objective to get access to the script shall trigger specific rules, so ModSecurity will stop these activities the instant it detects them. The firewall is quite efficient since it screens the entire HTTP traffic to an Internet site in real time without slowing it down, so it can easily stop an attack before any damage is done. It also keeps an exceptionally detailed log of all attack attempts that includes more information than traditional Apache logs, so you could later check out the data and take extra measures to increase the security of your Internet sites if necessary.
ModSecurity in Shared Web Hosting
ModSecurity comes standard with all shared web hosting packages that we supply and it'll be switched on automatically for any domain or subdomain which you add/create in your Hepsia hosting CP. The firewall has three different modes, so you could switch on and disable it with only a click or set it to detection mode, so it shall keep a log of all attacks, but it will not do anything to prevent them. The log for each of your websites shall contain in-depth info which includes the nature of the attack, where it came from, what action was taken by ModSecurity, etc. The firewall rules that we use are constantly updated and include both commercial ones we get from a third-party security firm and custom ones which our system admins include in the event that they detect a new kind of attacks. This way, the sites that you host here will be much more protected without any action required on your end.
ModSecurity in Dedicated Servers
ModSecurity is available as standard with all dedicated servers which are set up with the Hepsia Control Panel and is set to “Active” automatically for any domain you host or subdomain that you create on the hosting server. In case that a web application doesn't function properly, you can either turn off the firewall or set it to work in passive mode. The latter means that ModSecurity shall maintain a log of any potential attack that could take place, but won't take any action to prevent it. The logs created in passive or active mode will present you with more details about the exact file which was attacked, the nature of the attack and the IP address it originated from, and so on. This data will allow you to choose what measures you can take to enhance the security of your Internet sites, including blocking IPs or carrying out script and plugin updates. The ModSecurity rules that we employ are updated often with a commercial package from a third-party security provider we work with, but from time to time our admins add their own rules also in the event that they come across a new potential threat.