Find out how having ModSecurity allowed in your web hosting account can help silently with your website security.
ModSecurity is a highly effective web app layer firewall for Apache web servers. It monitors the whole HTTP traffic to a website without affecting its operation and if it discovers an intrusion attempt, it prevents it. The firewall furthermore maintains a more detailed log for the website visitors than any web server does, so you shall manage to keep an eye on what is going on with your Internet sites a lot better than if you rely simply on standard logs. ModSecurity employs security rules based on which it helps prevent attacks. For instance, it identifies whether anyone is trying to log in to the administrator area of a given script multiple times or if a request is sent to execute a file with a specific command. In these circumstances these attempts set off the corresponding rules and the firewall blocks the attempts instantly, after that records comprehensive info about them inside its logs. ModSecurity is among the most effective software firewalls on the market and it can protect your web applications against many threats and vulnerabilities, particularly if you don’t update them or their plugins frequently.
ModSecurity in Cloud Hosting
ModSecurity is provided with all cloud hosting
machines, so if you decide to host your Internet sites with our business, they shall be shielded from an array of attacks. The firewall is turned on as standard for all domains and subdomains, so there'll be nothing you'll need to do on your end. You shall be able to stop ModSecurity for any Internet site if necessary, or to switch on a detection mode, so all activity will be recorded, but the firewall will not take any real action. You will be able to view detailed logs via your Hepsia Control Panel including the IP address where the attack originated from, what the attacker wished to do and how ModSecurity handled the threat. Since we take the safety of our clients' Internet sites very seriously, we use a collection of commercial rules that we get from one of the top companies which maintain this sort of rules. Our admins also include custom rules to make certain that your sites will be protected against as many threats as possible.
ModSecurity in Semi-dedicated Servers
ModSecurity is part of our semi-dedicated server
solutions and if you opt to host your Internet sites with our company, there will not be anything special you'll have to do as the firewall is activated by default for all domains and subdomains that you include through your hosting CP. If required, you'll be able to disable ModSecurity for a certain website or turn on the so-called detection mode in which case the firewall shall still operate and record information, but shall not do anything to stop potential attacks against your websites. In depth logs shall be accessible inside your Control Panel and you shall be able to see what type of attacks happened, what security rules were triggered and how the firewall dealt with the threats, what IP addresses the attacks came from, and so forth. We employ two sorts of rules on our servers - commercial ones from a company which operates in the field of web security, and custom made ones that our admins often add to respond to newly identified threats on time.
ModSecurity in VPS Servers
Protection is essential to us, so we install ModSecurity on all VPS servers
which are made available with the Hepsia CP by default. The firewall could be managed through a dedicated section inside Hepsia and is turned on automatically when you add a new domain or create a subdomain, so you won't need to do anything by hand. You shall also be able to disable it or switch on the so-called detection mode, so it will maintain a log of potential attacks you can later examine, but shall not prevent them. The logs in both passive and active modes contain information about the form of the attack and how it was stopped, what IP it came from and other valuable data that may help you to tighten the security of your websites by updating them or blocking IPs, as an example. Besides the commercial rules that we get for ModSecurity from a third-party security enterprise, we also use our own rules since from time to time we discover specific attacks which aren't yet present in the commercial pack. This way, we can increase the protection of your VPS in a timely manner as opposed to awaiting a certified update.
ModSecurity in Dedicated Servers
When you opt to host your Internet sites on a dedicated server
with the Hepsia CP, your web apps shall be protected right from the start because ModSecurity is supplied with all Hepsia-based plans. You will be able to manage the firewall with ease and if needed, you will be able to turn it off or activate its passive mode when it will only keep a log of what is occurring without taking any action to prevent possible attacks. The logs which you'll find within the exact same section of the Control Panel are incredibly detailed and include details about the attacker IP address, what site and file were attacked and in what way, what rule the firewall used to prevent the intrusion, and so forth. This info shall permit you to take measures and boost the protection of your sites even more. To be on the safe side, we use not just commercial rules, but also custom-made ones which our admins include when they identify attacks which haven't yet been included in the commercial pack.