ModSecurity is a plugin for Apache web servers that acts as a web app layer firewall. It is employed to prevent attacks towards script-driven Internet sites through the use of security rules which contain specific expressions. In this way, the firewall can block hacking and spamming attempts and preserve even websites which aren't updated regularly. For instance, numerous failed login attempts to a script administrator area or attempts to execute a certain file with the purpose to get access to the script shall trigger specific rules, so ModSecurity shall block out these activities the moment it discovers them. The firewall is very efficient as it tracks the entire HTTP traffic to a site in real time without slowing it down, so it could stop an attack before any harm is done. It furthermore keeps an incredibly comprehensive log of all attack attempts which includes more information than standard Apache logs, so you can later check out the data and take further measures to increase the security of your Internet sites if necessary.

ModSecurity in Hosting

ModSecurity comes by default with all hosting plans that we provide and it shall be switched on automatically for any domain or subdomain which you add/create within your Hepsia hosting CP. The firewall has three different modes, so you can switch on and deactivate it with simply a mouse click or set it to detection mode, so it'll keep a log of all attacks, but it'll not do anything to prevent them. The log for each of your websites shall include elaborate information including the nature of the attack, where it came from, what action was taken by ModSecurity, etc. The firewall rules we use are regularly updated and comprise of both commercial ones which we get from a third-party security firm and custom ones that our system administrators include in the event that they detect a new kind of attacks. This way, the websites you host here shall be way more protected without any action expected on your end.

ModSecurity in Semi-dedicated Hosting

ModSecurity is a part of our semi-dedicated hosting packages and if you decide to host your websites with our company, there shall not be anything special you'll have to do since the firewall is switched on by default for all domains and subdomains you add using your hosting CP. If required, you'll be able to disable ModSecurity for a certain website or turn on the so-called detection mode in which case the firewall shall still function and record info, but won't do anything to stop possible attacks on your sites. Thorough logs shall be accessible inside your Control Panel and you'll be able to see what type of attacks took place, what security rules were triggered and how the firewall handled the threats, what IP addresses the attacks originated from, and so forth. We use 2 kinds of rules on our servers - commercial ones from a business that operates in the field of web security, and custom made ones which our administrators occasionally include to respond to newly discovered risks in a timely manner.

ModSecurity in VPS

ModSecurity is pre-installed on all virtual private servers which are set up with the Hepsia hosting CP, so your web applications will be protected from the second your server is in a position. The firewall is switched on by default for any domain or subdomain on the VPS, but if required, you'll be able to disable it with a click through the corresponding section of Hepsia. You can also set it to work in detection mode, so it'll keep an extensive log of any potential attacks without taking any action to prevent them. The logs are available within the same section and offer information regarding the nature of the attack, what IP it came from and what ModSecurity rule was initiated to stop it. For maximum security, we use not simply commercial rules from a business operating in the field of web security, but also custom ones which our administrators add personally in order to react to new threats which are still not tackled in the commercial rules.

ModSecurity in Dedicated Hosting

When you opt to host your sites on a dedicated server with the Hepsia CP, your web apps will be protected straight away because ModSecurity is available with all Hepsia-based solutions. You will be able to manage the firewall effortlessly and if necessary, you will be able to turn it off or enable its passive mode when it will only maintain a log of what is occurring without taking any action to prevent possible attacks. The logs which you'll find within the exact same section of the CP are really detailed and feature data about the attacker IP address, what site and file were attacked and in what way, what rule the firewall employed to prevent the intrusion, etcetera. This information shall permit you to take measures and increase the security of your websites even more. To be on the safe side, we employ not just commercial rules, but also custom-made ones that our staff add every time they identify attacks that have not yet been included within the commercial pack.