ModSecurity is an efficient firewall for Apache web servers which is used to stop attacks toward web applications. It monitors the HTTP traffic to a certain website in real time and prevents any intrusion attempts as soon as it identifies them. The firewall relies on a set of rules to accomplish that - as an illustration, trying to log in to a script administration area without success many times activates one rule, sending a request to execute a specific file which may result in accessing the website triggers a different rule, and so on. ModSecurity is amongst the best firewalls out there and it'll protect even scripts which aren't updated on a regular basis since it can prevent attackers from using known exploits and security holes. Quite thorough data about each intrusion attempt is recorded and the logs the firewall keeps are far more comprehensive than the conventional logs generated by the Apache server, so you can later take a look at them and decide whether you need to take more measures in order to increase the safety of your script-driven websites.
ModSecurity in Shared Web Hosting
ModSecurity comes by default with all shared web hosting
plans that we offer and it will be activated automatically for any domain or subdomain that you add/create inside your Hepsia hosting CP. The firewall has 3 different modes, so you could switch on and disable it with only a mouse click or set it to detection mode, so it shall keep a log of all attacks, but it'll not do anything to stop them. The log for each of your websites will feature comprehensive info such as the nature of the attack, where it came from, what action was taken by ModSecurity, etc. The firewall rules we use are constantly updated and consist of both commercial ones that we get from a third-party security business and custom ones which our system admins add in case that they detect a new sort of attacks. That way, the websites that you host here shall be much more secure without any action expected on your end.
ModSecurity in Dedicated Servers
ModSecurity is available by default with all dedicated servers
that are set up with the Hepsia Control Panel and is set to “Active” automatically for any domain you host or subdomain you create on the hosting server. In the event that a web app does not function correctly, you can either turn off the firewall or set it to work in passive mode. The latter means that ModSecurity shall maintain a log of any potential attack that could take place, but shall not take any action to stop it. The logs created in passive or active mode will give you additional details about the exact file which was attacked, the form of the attack and the IP address it came from, etcetera. This information shall allow you to decide what steps you can take to increase the protection of your sites, for instance blocking IPs or carrying out script and plugin updates. The ModSecurity rules we use are updated often with a commercial package from a third-party security enterprise we work with, but oftentimes our staff include their own rules as well in case they discover a new potential threat.