ModSecurity is an effective firewall for Apache web servers that's employed to stop attacks against web apps. It monitors the HTTP traffic to a particular site in real time and prevents any intrusion attempts the moment it identifies them. The firewall uses a set of rules to do this - for instance, trying to log in to a script admin area without success a few times triggers one rule, sending a request to execute a certain file that could result in gaining access to the website triggers another rule, and so forth. ModSecurity is one of the best firewalls on the market and it'll secure even scripts that are not updated frequently because it can prevent attackers from employing known exploits and security holes. Quite detailed information about each and every intrusion attempt is recorded and the logs the firewall maintains are considerably more comprehensive than the regular logs provided by the Apache server, so you could later analyze them and determine if you need to take additional measures so as to improve the safety of your script-driven websites.
ModSecurity in VPS Servers
Protection is extremely important to us, so we set up ModSecurity on all VPS servers which are set up with the Hepsia CP by default. The firewall could be managed via a dedicated section inside Hepsia and is switched on automatically when you include a new domain or generate a subdomain, so you'll not need to do anything manually. You'll also be able to deactivate it or switch on the so-called detection mode, so it'll maintain a log of possible attacks which you can later examine, but will not block them. The logs in both passive and active modes include information about the type of the attack and how it was eliminated, what IP it came from and other important info that may help you to tighten the security of your sites by updating them or blocking IPs, as an example. On top of the commercial rules which we get for ModSecurity from a third-party security firm, we also employ our own rules as once in a while we discover specific attacks that are not yet present in the commercial pack. That way, we can improve the protection of your Virtual private server right away as opposed to waiting for an official update.
ModSecurity in Dedicated Servers
ModSecurity comes with all dedicated servers that are set up with our Hepsia CP and you won't have to do anything specific on your end to employ it since it's enabled by default every time you include a new domain or subdomain on your web server. In the event that it disrupts some of your programs, you'll be able to stop it via the respective section of Hepsia, or you may leave it operating in passive mode, so it shall recognize attacks and will still maintain a log for them, but shall not block them. You could look at the logs later to learn what you can do to boost the security of your Internet sites as you will find details such as where an intrusion attempt came from, what Internet site was attacked and based upon what rule ModSecurity responded, etc. The rules that we use are commercial, thus they are frequently updated by a security provider, but to be on the safe side, our admins also add custom rules once in a while in order to deal with any new threats they have discovered.