Find out what ModSecurity actually is, the way it works and what exactly it will do to protect your sites and web applications.
ModSecurity is a potent web app layer firewall for Apache web servers. It monitors the whole HTTP traffic to a site without affecting its overall performance and in case it discovers an intrusion attempt, it prevents it. The firewall also maintains a more comprehensive log for the traffic than any web server does, so you'll be able to keep an eye on what's going on with your websites better than if you rely simply on standard logs. ModSecurity works with security rules based on which it helps prevent attacks. For example, it recognizes if somebody is trying to log in to the administration area of a particular script multiple times or if a request is sent to execute a file with a particular command. In these instances these attempts trigger the corresponding rules and the firewall software hinders the attempts in real time, after that records comprehensive details about them inside its logs. ModSecurity is one of the most effective software firewalls on the market and it can protect your web applications against thousands of threats and vulnerabilities, especially if you don’t update them or their plugins regularly.
ModSecurity in Semi-dedicated Hosting
Any web app that you set up in your new semi-dedicated hosting
account shall be protected by ModSecurity since the firewall comes with all our hosting plans and is turned on by default for any domain and subdomain which you add or create through your Hepsia hosting CP. You shall be able to manage ModSecurity through a dedicated area in Hepsia where not simply could you activate or deactivate it entirely, but you may also enable a passive mode, so the firewall will not block anything, but it'll still maintain a record of possible attacks. This normally requires just a click and you'll be able to look at the logs regardless if ModSecurity is in active or passive mode through the same section - what the attack was and where it came from, how it was taken care of, etc. The firewall uses 2 sets of rules on our machines - a commercial one that we get from a third-party web security firm and a custom one that our administrators update personally in order to respond to newly discovered risks at the earliest opportunity.
ModSecurity in Dedicated Servers Hosting
ModSecurity is provided by default with all dedicated servers
that are set up with the Hepsia CP and is set to “Active” automatically for any domain you host or subdomain that you create on the web server. In case that a web application doesn't function correctly, you could either turn off the firewall or set it to operate in passive mode. The latter means that ModSecurity shall keep a log of any potential attack which might occur, but won't take any action to prevent it. The logs produced in passive or active mode will provide you with additional details about the exact file which was attacked, the nature of the attack and the IP address it came from, etc. This info will enable you to choose what actions you can take to enhance the protection of your Internet sites, such as blocking IPs or carrying out script and plugin updates. The ModSecurity rules that we employ are updated constantly with a commercial package from a third-party security provider we work with, but from time to time our staff include their own rules also in the event that they find a new potential threat.