ModSecurity is a plugin for Apache web servers which functions as a web application layer firewall. It's used to prevent attacks toward script-driven sites through the use of security rules that contain specific expressions. This way, the firewall can stop hacking and spamming attempts and shield even sites that aren't updated regularly. As an example, several failed login attempts to a script administrator area or attempts to execute a particular file with the intention to get access to the script will trigger certain rules, so ModSecurity shall stop these activities the instant it identifies them. The firewall is very efficient as it tracks the entire HTTP traffic to a site in real time without slowing it down, so it can easily prevent an attack before any damage is done. It additionally keeps an incredibly detailed log of all attack attempts that includes more information than standard Apache logs, so you could later check out the data and take additional measures to boost the security of your websites if necessary.
ModSecurity in Shared Hosting
ModSecurity is offered with every single shared hosting plan which we offer and it's switched on by default for any domain or subdomain which you include via your Hepsia Control Panel. If it disrupts any of your apps or you'd like to disable it for some reason, you shall be able to do that through the ModSecurity area of Hepsia with only a mouse click. You may also activate a passive mode, so the firewall will identify potential attacks and keep a log, but won't take any action. You can view detailed logs in the exact same section, including the IP address where the attack originated from, what exactly the attacker aimed to do and at what time, what ModSecurity did, etcetera. For max safety of our customers we use a set of commercial firewall rules mixed with custom ones that are added by our system admins.
ModSecurity in Dedicated Hosting
All of our dedicated servers which are installed with the Hepsia hosting Control Panel feature ModSecurity, so any program which you upload or install shall be secured from the very beginning and you will not have to stress about common attacks or vulnerabilities. An independent section inside Hepsia will allow you to start or stop the firewall for every domain or subdomain, or turn on a detection mode so that it records info about intrusions, but doesn't take actions to prevent them. What you'll find in the logs shall allow you to to secure your websites better - the IP address an attack originated from, what site was attacked as well as how, what ModSecurity rule was triggered, etc. With this data, you'll be able to see if a site needs an update, whether you ought to block IPs from accessing your hosting server, etcetera. In addition to the third-party commercial security rules for ModSecurity that we use, our administrators add custom ones as well whenever they discover a new threat which is not yet a part of the commercial bundle.