ModSecurity
Learn how having ModSecurity activated inside your hosting account will help silently with your web site protection.
ModSecurity is a potent web app layer firewall for Apache web servers. It monitors the entire HTTP traffic to a website without affecting its overall performance and in case it discovers an intrusion attempt, it prevents it. The firewall also maintains a more comprehensive log for the website visitors than any server does, so you shall manage to monitor what is happening with your sites better than if you rely merely on conventional logs. ModSecurity works with security rules based on which it helps prevent attacks. For example, it detects whether somebody is attempting to log in to the administrator area of a specific script a number of times or if a request is sent to execute a file with a certain command. In these circumstances these attempts trigger the corresponding rules and the software blocks the attempts right away, after that records comprehensive details about them within its logs. ModSecurity is among the most effective software firewalls on the market and it can protect your web applications against a large number of threats and vulnerabilities, particularly in case you don’t update them or their plugins regularly.
-
ModSecurity in Cloud Web Hosting
ModSecurity is supplied with all
cloud web hosting servers, so if you opt to host your Internet sites with our organization, they will be shielded from an array of attacks. The firewall is turned on as standard for all domains and subdomains, so there shall be nothing you shall need to do on your end. You'll be able to stop ModSecurity for any Internet site if necessary, or to switch on a detection mode, so that all activity shall be recorded, but the firewall won't take any real action. You will be able to view comprehensive logs through your Hepsia Control Panel including the IP where the attack came from, what the attacker wanted to do and how ModSecurity handled the threat. Since we take the security of our customers' Internet sites seriously, we employ a group of commercial rules that we take from one of the best companies which maintain such rules. Our admins also include custom rules to make certain that your Internet sites will be resistant to as many threats as possible.
-
ModSecurity in Semi-dedicated Hosting
ModSecurity is a part of our
semi-dedicated hosting plans and if you decide to host your sites with our company, there shall not be anything special you'll need to do given that the firewall is switched on by default for all domains and subdomains you add via your hosting CP. If necessary, you'll be able to disable ModSecurity for a certain website or turn on the so-called detection mode in which case the firewall will still operate and record information, but will not do anything to prevent potential attacks on your websites. In depth logs shall be accessible within your CP and you will be able to see which kind of attacks happened, what security rules were triggered and how the firewall dealt with the threats, what IP addresses the attacks originated from, etc. We use two sorts of rules on our servers - commercial ones from a firm that operates in the field of web security, and custom made ones that our administrators often add to respond to newly identified risks promptly.
-
ModSecurity in VPS
ModSecurity is pre-installed on all
virtual private servers that are set up with the Hepsia hosting Control Panel, so your web apps shall be secured from the second your server is ready. The firewall is activated by default for any domain or subdomain on the Virtual Private Server, but if required, you could deactivate it with a click of your mouse via the corresponding section of Hepsia. You could also set it to function in detection mode, so it will keep a comprehensive log of any possible attacks without taking any action to prevent them. The logs are available inside the same section and provide information regarding the nature of the attack, what IP address it originated from and what ModSecurity rule was activated to stop it. For best security, we employ not only commercial rules from a firm working in the field of web security, but also custom ones which our admins add personally in order to respond to new threats which are still not dealt with in the commercial rules.
-
ModSecurity in Dedicated Hosting
ModSecurity is included with all
dedicated servers which are integrated with our Hepsia CP and you'll not need to do anything specific on your end to employ it since it's turned on by default every time you include a new domain or subdomain on your web server. In case it interferes with any of your programs, you will be able to stop it via the respective part of Hepsia, or you may leave it working in passive mode, so it will identify attacks and shall still maintain a log for them, but will not prevent them. You may examine the logs later to determine what you can do to improve the safety of your websites since you'll find information such as where an intrusion attempt came from, what website was attacked and based upon what rule ModSecurity reacted, etc. The rules we employ are commercial, hence they're regularly updated by a security firm, but to be on the safe side, our staff also include custom rules occasionally in order to deal with any new threats they have identified.