ModSecurity is a plugin for Apache web servers which functions as a web app layer firewall. It's used to stop attacks against script-driven Internet sites through the use of security rules which contain specific expressions. That way, the firewall can stop hacking and spamming attempts and preserve even websites that aren't updated frequently. As an example, a number of unsuccessful login attempts to a script administrative area or attempts to execute a certain file with the intention to get access to the script will trigger particular rules, so ModSecurity shall stop these activities the second it discovers them. The firewall is very efficient since it screens the whole HTTP traffic to a website in real time without slowing it down, so it can prevent an attack before any damage is done. It furthermore keeps a very detailed log of all attack attempts which includes more information than traditional Apache logs, so you can later analyze the data and take extra measures to increase the security of your Internet sites if required.

ModSecurity in Shared Web Hosting

ModSecurity can be found with each and every shared web hosting solution that we offer and it is turned on by default for any domain or subdomain which you add via your Hepsia CP. In the event that it disrupts any of your programs or you'd like to disable it for whatever reason, you will be able to do that through the ModSecurity area of Hepsia with only a mouse click. You may also use a passive mode, so the firewall will discover possible attacks and maintain a log, but shall not take any action. You could see detailed logs in the very same section, including the IP address where the attack came from, exactly what the attacker aimed to do and at what time, what ModSecurity did, and so on. For maximum protection of our customers we use a group of commercial firewall rules combined with custom ones that are provided by our system admins.

ModSecurity in Semi-dedicated Servers

All semi-dedicated server packages which we offer include ModSecurity and because the firewall is enabled by default, any website which you create under a domain or a subdomain will be secured immediately. A separate section within the Hepsia Control Panel that comes with the semi-dedicated accounts is devoted to ModSecurity and it'll permit you to start and stop the firewall for any website or switch on a detection mode. With the last mentioned, ModSecurity won't take any action, but it'll still identify possible attacks and will keep all information in a log as if it were fully active. The logs could be found within the very same section of the Control Panel and they feature details about the IP where an attack came from, what its nature was, what rule ModSecurity applies to recognize and stop it, etc. The security rules we employ on our machines are a mix of commercial ones from a security company and custom ones made by our system administrators. For that reason, we offer greater security for your web apps as we can defend them from attacks before security businesses release updates for brand new threats.

ModSecurity in VPS Servers

ModSecurity is pre-installed on all VPS servers that are offered with the Hepsia hosting CP, so your web programs shall be secured from the instant your server is in a position. The firewall is switched on by default for any domain or subdomain on the VPS, but if necessary, you could deactivate it with a click of your mouse from the corresponding section of Hepsia. You can also set it to operate in detection mode, so it'll maintain an extensive log of any potential attacks without taking any action to prevent them. The logs are available in the same section and provide information about the nature of the attack, what IP address it came from and what ModSecurity rule was activated to stop it. For maximum security, we use not just commercial rules from a firm working in the field of web security, but also custom ones which our administrators include manually in order to respond to new risks that are still not dealt with in the commercial rules.

ModSecurity in Dedicated Servers

ModSecurity is available by default with all dedicated servers that are set up with the Hepsia Control Panel and is set to “Active” automatically for any domain you host or subdomain which you create on the server. Just in case that a web application does not operate correctly, you could either disable the firewall or set it to work in passive mode. The second means that ModSecurity shall maintain a log of any possible attack which could occur, but won't take any action to prevent it. The logs generated in passive or active mode shall offer you more details about the exact file that was attacked, the nature of the attack and the IP address it came from, and so forth. This information will permit you to decide what steps you can take to boost the protection of your Internet sites, including blocking IPs or carrying out script and plugin updates. The ModSecurity rules that we use are updated often with a commercial pack from a third-party security firm we work with, but oftentimes our administrators include their own rules as well in case they identify a new potential threat.