ModSecurity is a powerful web application layer firewall for Apache web servers. It monitors the whole HTTP traffic to a site without affecting its operation and in case it identifies an intrusion attempt, it blocks it. The firewall also maintains a more thorough log for the website visitors than any server does, so you shall be able to keep an eye on what's going on with your sites a lot better than if you rely merely on standard logs. ModSecurity uses security rules based on which it prevents attacks. For example, it detects if somebody is trying to log in to the administrator area of a particular script several times or if a request is sent to execute a file with a particular command. In these situations these attempts set off the corresponding rules and the software blocks the attempts right away, then records in-depth details about them in its logs. ModSecurity is amongst the most effective software firewalls out there and it can easily protect your web applications against thousands of threats and vulnerabilities, especially if you don’t update them or their plugins regularly.
ModSecurity in Semi-dedicated Servers
All semi-dedicated server plans that we offer include ModSecurity and given that the firewall is enabled by default, any site you build under a domain or a subdomain shall be secured right away. An independent section within the Hepsia Control Panel that comes with the semi-dedicated accounts is dedicated to ModSecurity and it will enable you to stop and start the firewall for any Internet site or activate a detection mode. With the last option, ModSecurity won't take any action, but it'll still detect possible attacks and will keep all data in a log as if it were fully active. The logs can be found inside the same section of the Control Panel and they include information regarding the IP where an attack came from, what its nature was, what rule ModSecurity applies to identify and stop it, and so forth. The security rules that we use on our machines are a mix between commercial ones from a security business and custom ones made by our system admins. Therefore, we provide greater security for your web programs as we can defend them from attacks before security companies release updates for brand new threats.