ModSecurity is an efficient firewall for Apache web servers that is used to stop attacks against web applications. It monitors the HTTP traffic to a given website in real time and stops intrusion attempts the moment it identifies them. The firewall relies on a set of rules to do that. For example, repeatedly failing to log in to a script's admin area triggers one rule, sending a request to execute a specific file that could result in access to the website triggers a different rule, and so on. ModSecurity is one of the best firewalls around, and it will protect even scripts that are not updated frequently, as it can prevent attackers from using known exploits and security holes. Comprehensive information about every intrusion attempt is recorded, and the logs the firewall keeps are much more specific than the conventional logs generated by the Apache server, so you can examine them later and decide whether you need to take further measures to improve the security of your script-driven sites.

ModSecurity in Dedicated Servers

ModSecurity is provided by default with all dedicated servers that are set up with the Hepsia Control Panel, and it is set to “Active” automatically for any domain that you host or subdomain that you create on the server. If a web application doesn't function properly, you can either disable the firewall or set it to work in passive mode. The latter means that ModSecurity will keep a log of any potential attack that takes place but will not take any action to stop it. The logs generated in passive or active mode give you additional details such as the exact file that was attacked, the type of the attack, and the IP address it originated from. This information will allow you to decide what actions to take to improve the security of your websites, such as blocking IPs or performing script and plugin updates. The ModSecurity rules that we employ are updated constantly with a commercial pack from a third-party security provider we work with, and our admins sometimes add their own rules as well when they identify a new potential threat.