ModSecurity is a powerful firewall for Apache web servers that is used to stop attacks toward web apps. It tracks the HTTP traffic to a specific site in real time and stops any intrusion attempts as soon as it detects them. The firewall uses a set of rules to do this - for example, trying to log in to a script admin area without success many times activates one rule, sending a request to execute a specific file that may result in accessing the Internet site triggers a different rule, and so on. ModSecurity is among the best firewalls on the market and it will protect even scripts that are not updated regularly as it can prevent attackers from using known exploits and security holes. Very detailed data about every single intrusion attempt is recorded and the logs the firewall keeps are considerably more comprehensive than the conventional logs provided by the Apache server, so you could later examine them and decide if you need to take more measures so as to improve the protection of your script-driven Internet sites.
ModSecurity in Shared Hosting
ModSecurity is offered with each and every shared hosting plan which we provide and it is switched on by default for any domain or subdomain that you include via your Hepsia Control Panel. In case it interferes with any of your programs or you would like to disable it for some reason, you will be able to do this through the ModSecurity area of Hepsia with merely a mouse click. You can also enable a passive mode, so the firewall will detect potential attacks and keep a log, but won't take any action. You can see comprehensive logs in the same section, including the IP where the attack came from, what exactly the attacker attempted to do and at what time, what ModSecurity did, and so on. For optimum safety of our customers we use a set of commercial firewall rules combined with custom ones which are added by our system admins.
ModSecurity in VPS Servers
Protection is extremely important to us, so we set up ModSecurity on all VPS servers which are made available with the Hepsia CP by default. The firewall could be managed via a dedicated section within Hepsia and is turned on automatically when you add a new domain or create a subdomain, so you won't have to do anything manually. You will also be able to deactivate it or turn on the so-called detection mode, so it'll keep a log of potential attacks that you can later study, but will not block them. The logs in both passive and active modes include information about the kind of the attack and how it was prevented, what IP it originated from and other useful info that may help you to tighten the security of your websites by updating them or blocking IPs, as an example. Besides the commercial rules we get for ModSecurity from a third-party security firm, we also implement our own rules because from time to time we detect specific attacks which aren't yet present within the commercial pack. This way, we can boost the security of your VPS immediately as opposed to awaiting a certified update.