Find out what ModSecurity actually is, what it does and what exactly it will do to protect your sites and web apps.
ModSecurity is a highly effective web application layer firewall for Apache web servers. It monitors the entire HTTP traffic to a website without affecting its operation and in case it identifies an intrusion attempt, it blocks it. The firewall additionally keeps a more detailed log for the site visitors than any web server does, so you shall manage to monitor what's going on with your websites better than if you rely only on conventional logs. ModSecurity uses security rules based on which it prevents attacks. For instance, it identifies whether someone is trying to log in to the administrator area of a particular script several times or if a request is sent to execute a file with a certain command. In these cases these attempts set off the corresponding rules and the firewall blocks the attempts immediately, and then records in-depth details about them inside its logs. ModSecurity is one of the most effective software firewalls on the market and it can protect your web apps against many threats and vulnerabilities, particularly if you don’t update them or their plugins often.
ModSecurity in Cloud Website Hosting
ModSecurity comes by default with all cloud website hosting
packages that we offer and it shall be activated automatically for any domain or subdomain that you add/create within your Hepsia hosting Control Panel. The firewall has three different modes, so you can switch on and deactivate it with just a mouse click or set it to detection mode, so it'll maintain a log of all attacks, but it shall not do anything to prevent them. The log for any of your sites shall feature in-depth info including the nature of the attack, where it originated from, what action was taken by ModSecurity, and so on. The firewall rules which we use are frequently updated and comprise of both commercial ones which we get from a third-party security company and custom ones that our system administrators add in case that they detect a new kind of attacks. In this way, the Internet sites that you host here shall be way more secure with no action needed on your end.