ModSecurity is a plugin for Apache web servers which functions as a web app layer firewall. It's used to prevent attacks toward script-driven sites through the use of security rules which contain particular expressions. In this way, the firewall can block hacking and spamming attempts and protect even Internet sites which aren't updated regularly. For example, a number of unsuccessful login attempts to a script admin area or attempts to execute a certain file with the objective to get access to the script will trigger particular rules, so ModSecurity shall block out these activities the minute it detects them. The firewall is incredibly efficient because it monitors the whole HTTP traffic to a website in real time without slowing it down, so it can easily stop an attack before any harm is done. It furthermore keeps a very detailed log of all attack attempts which includes more info than traditional Apache logs, so you could later analyze the data and take extra measures to enhance the security of your Internet sites if necessary.

ModSecurity in Cloud Website Hosting

ModSecurity is available with each and every cloud website hosting plan which we provide and it is switched on by default for every domain or subdomain that you include through your Hepsia Control Panel. If it interferes with any of your programs or you'd like to disable it for whatever reason, you will be able to do this through the ModSecurity section of Hepsia with just a click. You may also enable a passive mode, so the firewall will discover potential attacks and keep a log, but will not take any action. You'll be able to see detailed logs in the exact same section, including the IP address where the attack came from, what exactly the attacker aimed to do and at what time, what ModSecurity did, and so forth. For maximum protection of our clients we use a collection of commercial firewall rules blended with custom ones which are provided by our system administrators.

ModSecurity in Semi-dedicated Servers

ModSecurity is a part of our semi-dedicated server packages and if you choose to host your Internet sites with our company, there shall not be anything special you'll have to do as the firewall is switched on by default for all domains and subdomains you include via your hosting CP. If needed, you'll be able to disable ModSecurity for a certain Internet site or switch on the so-called detection mode in which case the firewall shall still work and record information, but won't do anything to prevent potential attacks against your websites. In depth logs shall be readily available inside your Control Panel and you'll be able to see what type of attacks happened, what security rules were triggered and how the firewall handled the threats, what Internet protocol addresses the attacks originated from, etcetera. We use two types of rules on our servers - commercial ones from a company that operates in the field of web security, and custom made ones which our admins occasionally include to respond to newly found threats promptly.

ModSecurity in VPS Servers

All VPS servers which are set up with the Hepsia Control Panel come with ModSecurity. The firewall is set up and turned on by default for all domains which are hosted on the server, so there will not be anything special that you will have to do to protect your Internet sites. It'll take you a click to stop ModSecurity if needed or to activate its passive mode so that it records what goes on without taking any steps to prevent intrusions. You shall be able to look at the logs produced in passive or active mode through the corresponding section of Hepsia and discover more about the type of the attack, where it came from, what rule the firewall employed to tackle it, and so on. We use a mix of commercial and custom rules so as to make sure that ModSecurity shall block as many threats as possible, thus increasing the security of your web applications as much as possible.

ModSecurity in Dedicated Servers

ModSecurity is provided by default with all dedicated servers that are set up with the Hepsia Control Panel and is set to “Active” automatically for any domain you host or subdomain which you create on the server. In case that a web app does not work adequately, you may either disable the firewall or set it to operate in passive mode. The second means that ModSecurity will maintain a log of any potential attack that could occur, but will not take any action to stop it. The logs produced in passive or active mode will present you with additional details about the exact file which was attacked, the nature of the attack and the IP address it came from, and so on. This data will allow you to determine what actions you can take to enhance the safety of your Internet sites, including blocking IPs or performing script and plugin updates. The ModSecurity rules which we employ are updated regularly with a commercial bundle from a third-party security enterprise we work with, but oftentimes our staff include their own rules as well if they come across a new potential threat.