ModSecurity is a plugin for Apache web servers that acts as a web application layer firewall. It is used to prevent attacks towards script-driven Internet sites through the use of security rules that contain certain expressions. This way, the firewall can block hacking and spamming attempts and protect even sites which aren't updated regularly. For example, numerous failed login attempts to a script administrative area or attempts to execute a particular file with the purpose to get access to the script shall trigger certain rules, so ModSecurity shall block these activities the moment it identifies them. The firewall is very efficient since it monitors the entire HTTP traffic to a site in real time without slowing it down, so it will be able to stop an attack before any harm is done. It furthermore keeps an exceptionally thorough log of all attack attempts which contains more information than standard Apache logs, so you can later analyze the data and take further measures to increase the security of your sites if needed.
ModSecurity in Shared Website Hosting
ModSecurity is provided with all shared website hosting web servers, so when you decide to host your websites with our organization, they'll be protected against a wide range of attacks. The firewall is enabled as standard for all domains and subdomains, so there shall be nothing you will have to do on your end. You shall be able to stop ModSecurity for any Internet site if necessary, or to enable a detection mode, so that all activity will be recorded, but the firewall will not take any real action. You'll be able to view specific logs through your Hepsia CP including the IP where the attack originated from, what the attacker wished to do and how ModSecurity handled the threat. Since we take the safety of our customers' websites very seriously, we use a collection of commercial rules which we get from one of the leading firms that maintain this sort of rules. Our administrators also include custom rules to make certain that your sites will be shielded from as many risks as possible.
ModSecurity in Semi-dedicated Servers
We've integrated ModSecurity as a standard within all semi-dedicated server plans, so your web apps shall be protected the instant you set them up under any domain or subdomain. The Hepsia Control Panel that comes with the semi-dedicated accounts will permit you to activate or turn off the firewall for any website with a mouse click. You shall also be able to activate a passive detection mode with which ModSecurity will keep a log of possible attacks without really stopping them. The detailed logs contain the nature of the attack and what ModSecurity response this attack initiated, where it came from, and so forth. The list of rules which we use is frequently updated as to match any new risks that could appear on the Internet and it consists of both commercial rules that we get from a security company and custom-written ones which our admins include if they find a threat which is not present in the commercial list yet.