ModSecurity is a plugin for Apache web servers that functions as a web app layer firewall. It is used to stop attacks against script-driven sites through the use of security rules that contain particular expressions. That way, the firewall can stop hacking and spamming attempts and shield even websites which are not updated frequently. As an example, a number of failed login attempts to a script administrator area or attempts to execute a certain file with the purpose to get access to the script shall trigger specific rules, so ModSecurity shall stop these activities the minute it discovers them. The firewall is incredibly efficient since it monitors the whole HTTP traffic to an Internet site in real time without slowing it down, so it could stop an attack before any harm is done. It also keeps a very detailed log of all attack attempts that includes more information than typical Apache logs, so you could later check out the data and take further measures to boost the security of your Internet sites if necessary.

ModSecurity in Dedicated Servers

ModSecurity is available as standard with all dedicated servers that are set up with the Hepsia Control Panel and is set to “Active” automatically for any domain you host or subdomain which you create on the web server. In case that a web application does not operate adequately, you can either switch off the firewall or set it to work in passive mode. The latter means that ModSecurity shall maintain a log of any possible attack which could take place, but will not take any action to prevent it. The logs produced in passive or active mode will offer you more details about the exact file that was attacked, the nature of the attack and the IP address it originated from, etc. This information shall enable you to decide what actions you can take to increase the protection of your sites, including blocking IPs or carrying out script and plugin updates. The ModSecurity rules we use are updated frequently with a commercial package from a third-party security company we work with, but from time to time our administrators add their own rules too if they discover a new potential threat.