ModSecurity is a powerful firewall for Apache web servers that is used to prevent attacks against web applications. It monitors the HTTP traffic to a certain site in real time and stops any intrusion attempts as soon as it discovers them. The firewall relies on a set of rules to do that - for instance, attempting to log in to a script administrator area without success several times sets off one rule, sending a request to execute a specific file which may result in accessing the website triggers a different rule, and so on. ModSecurity is among the best firewalls around and it'll secure even scripts which aren't updated regularly since it can prevent attackers from employing known exploits and security holes. Quite comprehensive info about every intrusion attempt is recorded and the logs the firewall keeps are considerably more specific than the standard logs created by the Apache server, so you can later examine them and determine whether you need to take more measures so as to enhance the security of your script-driven sites.

ModSecurity in Hosting

ModSecurity comes by default with all hosting solutions that we provide and it will be switched on automatically for any domain or subdomain that you add/create within your Hepsia hosting CP. The firewall has three different modes, so you can activate and deactivate it with simply a click or set it to detection mode, so it will keep a log of all attacks, but it shall not do anything to stop them. The log for each of your websites will contain detailed info which includes the nature of the attack, where it came from, what action was taken by ModSecurity, and so forth. The firewall rules that we use are frequently updated and include both commercial ones that we get from a third-party security company and custom ones our system admins include in case that they detect a new sort of attacks. That way, the sites which you host here shall be much more protected with no action needed on your end.

ModSecurity in Dedicated Servers

ModSecurity is provided by default with all dedicated servers that are set up with the Hepsia Control Panel and is set to “Active” automatically for any domain that you host or subdomain that you create on the hosting server. In case that a web application doesn't operate properly, you could either switch off the firewall or set it to function in passive mode. The latter means that ModSecurity will keep a log of any potential attack that might happen, but won't take any action to stop it. The logs produced in passive or active mode will give you more details about the exact file that was attacked, the nature of the attack and the IP address it originated from, etc. This data will allow you to choose what actions you can take to improve the safety of your sites, including blocking IPs or carrying out script and plugin updates. The ModSecurity rules which we employ are updated frequently with a commercial package from a third-party security enterprise we work with, but sometimes our staff include their own rules as well in case they discover a new potential threat.