ModSecurity is a plugin for Apache web servers that functions as a web application layer firewall. It is used to stop attacks against script-driven Internet sites through the use of security rules that contain certain expressions. In this way, the firewall can block hacking and spamming attempts and preserve even sites which are not updated often. For example, a number of unsuccessful login attempts to a script administrative area or attempts to execute a specific file with the objective to get access to the script will trigger certain rules, so ModSecurity shall block out these activities the minute it discovers them. The firewall is very efficient as it tracks the entire HTTP traffic to a site in real time without slowing it down, so it will be able to stop an attack before any harm is done. It furthermore maintains a very detailed log of all attack attempts that features more info than traditional Apache logs, so you can later check out the data and take further measures to enhance the security of your Internet sites if necessary.

ModSecurity in Shared Web Hosting

ModSecurity is supplied with all shared web hosting machines, so when you decide to host your Internet sites with our company, they shall be shielded from a wide array of attacks. The firewall is turned on as standard for all domains and subdomains, so there'll be nothing you will need to do on your end. You shall be able to stop ModSecurity for any website if needed, or to switch on a detection mode, so that all activity shall be recorded, but the firewall shall not take any real action. You'll be able to view detailed logs from your Hepsia CP including the IP where the attack originated from, what the attacker wished to do and how ModSecurity handled the threat. Since we take the protection of our clients' Internet sites seriously, we employ a collection of commercial rules which we take from one of the top firms that maintain this kind of rules. Our administrators also add custom rules to make sure that your sites shall be resistant to as many threats as possible.

ModSecurity in Semi-dedicated Servers

We've integrated ModSecurity by default inside all semi-dedicated server plans, so your web apps shall be protected whenever you set them up under any domain or subdomain. The Hepsia Control Panel which comes with the semi-dedicated accounts shall allow you to enable or turn off the firewall for any site with a mouse click. You will also be able to turn on a passive detection mode through which ModSecurity will maintain a log of possible attacks without really stopping them. The detailed logs contain the nature of the attack and what ModSecurity response this attack triggered, where it originated from, etc. The list of rules that we employ is regularly updated in order to match any new threats which may appear on the Internet and it features both commercial rules that we get from a security corporation and custom-written ones which our admins add in case they find a threat which is not present within the commercial list yet.

ModSecurity in VPS Servers

ModSecurity is pre-installed on all VPS servers which are offered with the Hepsia hosting CP, so your web programs will be protected from the moment your server is in a position. The firewall is turned on by default for any domain or subdomain on the Virtual Private Server, but if required, you can deactivate it with a click via the corresponding section of Hepsia. You may also set it to function in detection mode, so it shall keep a comprehensive log of any possible attacks without taking any action to stop them. The logs are available inside the exact same section and include information about the nature of the attack, what IP it originated from and what ModSecurity rule was initiated to stop it. For maximum security, we use not just commercial rules from a firm working in the field of web security, but also custom ones that our admins include manually so as to respond to new risks which are still not tackled in the commercial rules.

ModSecurity in Dedicated Servers

All of our dedicated servers which are set up with the Hepsia hosting Control Panel include ModSecurity, so any app that you upload or install shall be properly secured from the very beginning and you'll not need to concern yourself with common attacks or vulnerabilities. An individual section in Hepsia will permit you to start or stop the firewall for every domain or subdomain, or switch on a detection mode so that it records information about intrusions, but doesn't take actions to prevent them. What you shall find in the logs shall enable you to to secure your sites better - the IP address an attack came from, what site was attacked as well as how, what ModSecurity rule was triggered, etc. With this data, you'll be able to see whether an Internet site needs an update, whether you need to block IPs from accessing your web server, and so on. In addition to the third-party commercial security rules for ModSecurity which we use, our admins include custom ones as well when they discover a new threat that's not yet in the commercial bundle.