ModSecurity is a plugin for Apache web servers that acts as a web app layer firewall. It's employed to stop attacks against script-driven Internet sites by employing security rules which contain certain expressions. This way, the firewall can block hacking and spamming attempts and preserve even websites that aren't updated on a regular basis. For example, several unsuccessful login attempts to a script administrator area or attempts to execute a certain file with the objective to get access to the script will trigger certain rules, so ModSecurity shall block out these activities the second it identifies them. The firewall is incredibly efficient since it tracks the whole HTTP traffic to an Internet site in real time without slowing it down, so it can prevent an attack before any damage is done. It also maintains an incredibly comprehensive log of all attack attempts which includes more information than standard Apache logs, so you can later analyze the data and take extra measures to boost the security of your Internet sites if needed.
ModSecurity in Semi-dedicated Servers
We have incorporated ModSecurity as a standard within all semi-dedicated server products, so your web apps will be protected as soon as you set them up under any domain or subdomain. The Hepsia CP that is included with the semi-dedicated accounts shall permit you to switch on or turn off the firewall for any Internet site with a click. You shall also have the ability to activate a passive detection mode through which ModSecurity will keep a log of possible attacks without actually stopping them. The thorough logs contain the nature of the attack and what ModSecurity response that attack activated, where it came from, etc. The list of rules we use is constantly updated as to match any new risks that could appear on the Internet and it consists of both commercial rules that we get from a security firm and custom-written ones that our administrators add if they discover a threat that is not present inside the commercial list yet.
ModSecurity in Dedicated Servers
ModSecurity is offered as standard with all dedicated servers which are set up with the Hepsia Control Panel and is set to “Active” automatically for any domain which you host or subdomain you create on the server. In the event that a web application does not function adequately, you may either switch off the firewall or set it to work in passive mode. The second means that ModSecurity will maintain a log of any potential attack that may happen, but will not take any action to prevent it. The logs produced in active or passive mode will offer you more details about the exact file which was attacked, the form of the attack and the IP address it came from, etcetera. This info will allow you to decide what measures you can take to increase the security of your websites, such as blocking IPs or performing script and plugin updates. The ModSecurity rules that we use are updated regularly with a commercial bundle from a third-party security enterprise we work with, but oftentimes our administrators add their own rules also when they identify a new potential threat.