ModSecurity is a highly effective web app layer firewall for Apache web servers. It monitors the entire HTTP traffic to a site without affecting its overall performance and in case it discovers an intrusion attempt, it prevents it. The firewall also keeps a more comprehensive log for the website visitors than any server does, so you will manage to keep an eye on what is happening with your sites better than if you rely only on standard logs. ModSecurity uses security rules based on which it stops attacks. For example, it recognizes if anyone is trying to log in to the administration area of a specific script several times or if a request is sent to execute a file with a specific command. In such cases these attempts trigger the corresponding rules and the firewall program blocks the attempts in real time, then records comprehensive info about them within its logs. ModSecurity is one of the best software firewalls available and it can protect your web apps against thousands of threats and vulnerabilities, particularly if you don’t update them or their plugins regularly.

ModSecurity in Web Hosting

ModSecurity comes standard with all web hosting solutions that we supply and it shall be switched on automatically for any domain or subdomain that you add/create inside your Hepsia hosting Control Panel. The firewall has three different modes, so you'll be able to switch on and disable it with simply a click or set it to detection mode, so it'll maintain a log of all attacks, but it'll not do anything to prevent them. The log for any of your sites shall feature detailed information such as the nature of the attack, where it originated from, what action was taken by ModSecurity, and so on. The firewall rules that we use are regularly updated and consist of both commercial ones which we get from a third-party security company and custom ones which our system admins include in case that they detect a new type of attacks. In this way, the websites that you host here will be a lot more protected with no action required on your end.

ModSecurity in Dedicated Servers

ModSecurity is offered as standard with all dedicated servers which are set up with the Hepsia CP and is set to “Active” automatically for any domain which you host or subdomain you create on the web server. In case that a web app does not operate properly, you can either turn off the firewall or set it to work in passive mode. The latter means that ModSecurity shall keep a log of any potential attack which may happen, but won't take any action to stop it. The logs produced in active or passive mode shall present you with more details about the exact file that was attacked, the nature of the attack and the IP it originated from, etcetera. This information shall permit you to determine what steps you can take to improve the protection of your sites, such as blocking IPs or performing script and plugin updates. The ModSecurity rules we use are updated constantly with a commercial pack from a third-party security provider we work with, but oftentimes our admins add their own rules also if they come across a new potential threat.