ModSecurity is a plugin for Apache web servers which functions as a web app layer firewall. It is employed to prevent attacks toward script-driven sites through the use of security rules which contain certain expressions. In this way, the firewall can prevent hacking and spamming attempts and shield even sites which aren't updated often. For instance, several unsuccessful login attempts to a script admin area or attempts to execute a specific file with the intention to get access to the script will trigger particular rules, so ModSecurity shall stop these activities the minute it identifies them. The firewall is quite efficient as it tracks the entire HTTP traffic to a website in real time without slowing it down, so it can easily prevent an attack before any damage is done. It also maintains an exceptionally detailed log of all attack attempts that includes more info than typical Apache logs, so you can later analyze the data and take extra measures to enhance the security of your Internet sites if necessary.

ModSecurity in Hosting

ModSecurity comes standard with all hosting solutions which we offer and it shall be switched on automatically for any domain or subdomain which you add/create in your Hepsia hosting Control Panel. The firewall has 3 different modes, so you'll be able to activate and deactivate it with simply a click or set it to detection mode, so it shall maintain a log of all attacks, but it shall not do anything to stop them. The log for each of your sites shall include comprehensive information such as the nature of the attack, where it came from, what action was taken by ModSecurity, and so forth. The firewall rules which we use are regularly updated and consist of both commercial ones we get from a third-party security business and custom ones our system admins add in the event that they detect a new sort of attacks. In this way, the Internet sites you host here shall be much more secure without any action expected on your end.

ModSecurity in Semi-dedicated Servers

All semi-dedicated server packages which we offer include ModSecurity and given that the firewall is turned on by default, any website which you create under a domain or a subdomain shall be secured right away. A separate section in the Hepsia CP that comes with the semi-dedicated accounts is dedicated to ModSecurity and it shall enable you to start and stop the firewall for any site or enable a detection mode. With the last mentioned, ModSecurity shall not take any action, but it will still detect possible attacks and will keep all info within a log as if it were 100% active. The logs could be found inside the same section of the CP and they include info about the IP where an attack came from, what its nature was, what rule ModSecurity applies to recognize and stop it, and so on. The security rules which we use on our servers are a mix between commercial ones from a security company and custom ones made by our system administrators. Consequently, we offer greater security for your web applications as we can shield them from attacks even before security companies release updates for new threats.

ModSecurity in VPS Servers

ModSecurity is pre-installed on all VPS servers that are offered with the Hepsia hosting Control Panel, so your web apps shall be secured from the instant your server is in a position. The firewall is activated by default for any domain or subdomain on the VPS, but if required, you could disable it with a click of your mouse from the corresponding section of Hepsia. You can also set it to function in detection mode, so it'll maintain a detailed log of any possible attacks without taking any action to stop them. The logs are available in the same section and provide information about the nature of the attack, what IP address it came from and what ModSecurity rule was initiated to stop it. For best security, we use not simply commercial rules from a company operating in the field of web security, but also custom ones which our admins include manually in order to respond to new threats which are still not addressed in the commercial rules.

ModSecurity in Dedicated Servers

When you decide to host your sites on a dedicated server with the Hepsia Control Panel, your web applications will be protected immediately since ModSecurity is provided with all Hepsia-based solutions. You will be able to regulate the firewall effortlessly and if needed, you shall be able to turn it off or activate its passive mode when it will only maintain a log of what's going on without taking any action to prevent potential attacks. The logs which you'll find within the very same section of the Control Panel are incredibly detailed and feature info about the attacker IP address, what site and file were attacked and in what way, what rule the firewall employed to prevent the intrusion, and so on. This info will permit you to take measures and boost the protection of your websites even more. To be on the safe side, we employ not only commercial rules, but also custom-made ones which our admins add whenever they recognize attacks which haven't yet been included within the commercial pack.