ModSecurity is a highly effective web application layer firewall for Apache web servers. It monitors the whole HTTP traffic to a website without affecting its functionality and in case it identifies an intrusion attempt, it prevents it. The firewall also keeps a more comprehensive log for the website visitors than any web server does, so you shall manage to keep an eye on what's happening with your sites better than if you rely simply on standard logs. ModSecurity uses security rules based on which it stops attacks. For instance, it identifies if someone is attempting to log in to the administrator area of a given script a number of times or if a request is sent to execute a file with a certain command. In these instances these attempts trigger the corresponding rules and the software blocks the attempts immediately, then records detailed info about them in its logs. ModSecurity is among the best software firewalls available and it can easily protect your web applications against a huge number of threats and vulnerabilities, particularly in case you don’t update them or their plugins frequently.
ModSecurity in Shared Website Hosting
ModSecurity is available on all shared website hosting machines, so when you choose to host your sites with our business, they will be resistant to a wide array of attacks. The firewall is turned on as standard for all domains and subdomains, so there will be nothing you shall need to do on your end. You will be able to stop ModSecurity for any Internet site if required, or to switch on a detection mode, so that all activity will be recorded, but the firewall will not take any real action. You'll be able to view comprehensive logs through your Hepsia CP including the IP address where the attack originated from, what the attacker wanted to do and how ModSecurity addressed the threat. Since we take the protection of our customers' websites very seriously, we employ a selection of commercial rules which we take from one of the best companies that maintain this sort of rules. Our administrators also include custom rules to make sure that your sites shall be resistant to as many threats as possible.
ModSecurity in Semi-dedicated Hosting
ModSecurity is part of our semi-dedicated hosting solutions and if you decide to host your Internet sites with us, there won't be anything special you'll need to do given that the firewall is switched on by default for all domains and subdomains which you include through your hosting Control Panel. If required, you could disable ModSecurity for a particular site or switch on the so-called detection mode in which case the firewall shall still work and record info, but won't do anything to prevent possible attacks against your sites. Comprehensive logs shall be accessible in your Control Panel and you will be able to see what sort of attacks occurred, what security rules were triggered and how the firewall addressed the threats, what Internet protocol addresses the attacks originated from, etcetera. We use two types of rules on our servers - commercial ones from a business which operates in the field of web security, and custom made ones which our administrators sometimes include to respond to newly discovered risks on time.
ModSecurity in Dedicated Servers Hosting
ModSecurity comes with all dedicated servers that are set up with our Hepsia Control Panel and you will not have to do anything specific on your end to use it since it's switched on by default each time you add a new domain or subdomain on your server. In the event that it disrupts any of your programs, you'll be able to stop it through the respective section of Hepsia, or you may leave it in passive mode, so it shall recognize attacks and will still maintain a log for them, but will not block them. You can look at the logs later to find out what you can do to boost the safety of your sites since you will find information such as where an intrusion attempt came from, what site was attacked and based upon what rule ModSecurity reacted, etc. The rules that we use are commercial, therefore they are frequently updated by a security provider, but to be on the safe side, our admins also include custom rules from time to time in order to respond to any new threats they have found.