ModSecurity is a plugin for Apache web servers which acts as a web application layer firewall. It is employed to stop attacks toward script-driven Internet sites by using security rules that contain certain expressions. In this way, the firewall can stop hacking and spamming attempts and preserve even Internet sites that are not updated regularly. For example, numerous unsuccessful login attempts to a script administrator area or attempts to execute a particular file with the intention to get access to the script shall trigger certain rules, so ModSecurity shall block these activities the second it discovers them. The firewall is extremely efficient since it screens the entire HTTP traffic to a site in real time without slowing it down, so it can easily stop an attack before any damage is done. It furthermore maintains an exceptionally detailed log of all attack attempts which features more info than standard Apache logs, so you could later examine the data and take extra measures to boost the security of your websites if required.

ModSecurity in Shared Web Hosting

ModSecurity is available on all shared web hosting servers, so when you choose to host your sites with our firm, they'll be shielded from a wide range of attacks. The firewall is turned on by default for all domains and subdomains, so there shall be nothing you will have to do on your end. You'll be able to stop ModSecurity for any website if needed, or to activate a detection mode, so all activity will be recorded, but the firewall shall not take any real action. You'll be able to view detailed logs via your Hepsia Control Panel including the IP address where the attack came from, what the attacker wanted to do and how ModSecurity addressed the threat. Since we take the safety of our customers' sites seriously, we employ a group of commercial rules which we take from one of the top companies which maintain this sort of rules. Our admins also add custom rules to make certain that your websites will be resistant to as many threats as possible.

ModSecurity in Semi-dedicated Servers

ModSecurity is a part of our semi-dedicated server plans and if you decide to host your Internet sites with us, there shall not be anything special you will have to do given that the firewall is turned on by default for all domains and subdomains you include through your hosting Control Panel. If required, you'll be able to disable ModSecurity for a particular site or enable the so-called detection mode in which case the firewall shall still work and record information, but won't do anything to prevent possible attacks on your Internet sites. Detailed logs will be accessible in your Control Panel and you will be able to see what type of attacks occurred, what security rules were triggered and how the firewall dealt with the threats, what Internet protocol addresses the attacks came from, and so on. We employ two kinds of rules on our servers - commercial ones from a firm which operates in the field of web security, and custom made ones which our administrators occasionally add to respond to newly discovered risks in a timely manner.

ModSecurity in VPS Servers

Safety is vital to us, so we set up ModSecurity on all VPS servers that are made available with the Hepsia Control Panel by default. The firewall can be managed via a dedicated section within Hepsia and is switched on automatically when you add a new domain or create a subdomain, so you will not need to do anything by hand. You shall also be able to disable it or activate the so-called detection mode, so it will maintain a log of potential attacks you can later study, but shall not block them. The logs in both passive and active modes include info regarding the kind of the attack and how it was prevented, what IP address it originated from and other valuable information that may help you to tighten the security of your websites by updating them or blocking IPs, for instance. Besides the commercial rules we get for ModSecurity from a third-party security company, we also use our own rules as from time to time we identify specific attacks that are not yet present within the commercial pack. That way, we can easily enhance the protection of your VPS promptly instead of waiting for a certified update.

ModSecurity in Dedicated Servers

When you opt to host your websites on a dedicated server with the Hepsia CP, your web apps shall be secured immediately as ModSecurity is provided with all Hepsia-based solutions. You shall be able to manage the firewall with ease and if required, you shall be able to turn it off or switch on its passive mode when it'll only maintain a log of what's taking place without taking any action to prevent possible attacks. The logs that you'll find in the exact same section of the CP are very detailed and feature details about the attacker IP, what site and file were attacked and in what way, what rule the firewall employed to stop the intrusion, etc. This data shall enable you to take measures and boost the security of your sites even more. To be on the safe side, we use not just commercial rules, but also custom-made ones which our administrators include every time they identify attacks which haven't yet been included inside the commercial pack.