ModSecurity is a plugin for Apache web servers that acts as a web application layer firewall. It is used to prevent attacks against script-driven websites by employing security rules which contain certain expressions. This way, the firewall can stop hacking and spamming attempts and protect even sites that are not updated on a regular basis. For instance, multiple unsuccessful login attempts to a script admin area or attempts to execute a particular file with the intention to get access to the script will trigger specific rules, so ModSecurity will block these activities the minute it discovers them. The firewall is incredibly efficient because it monitors the entire HTTP traffic to a site in real time without slowing it down, so it will be able to stop an attack before any harm is done. It additionally maintains an incredibly thorough log of all attack attempts that includes more info than typical Apache logs, so you can later check out the data and take further measures to boost the security of your websites if needed.

ModSecurity in Shared Hosting

ModSecurity comes by default with all shared hosting plans which we supply and it shall be activated automatically for any domain or subdomain which you add/create in your Hepsia hosting CP. The firewall has three different modes, so you could switch on and deactivate it with a mouse click or set it to detection mode, so it will maintain a log of all attacks, but it shall not do anything to prevent them. The log for any of your Internet sites shall contain elaborate information including the nature of the attack, where it originated from, what action was taken by ModSecurity, and so forth. The firewall rules which we use are frequently updated and comprise of both commercial ones we get from a third-party security business and custom ones which our system admins include in case that they detect a new type of attacks. That way, the sites that you host here will be far more secure without any action needed on your end.

ModSecurity in Semi-dedicated Hosting

ModSecurity is part of our semi-dedicated hosting solutions and if you choose to host your sites with us, there won't be anything special you'll have to do as the firewall is activated by default for all domains and subdomains which you add via your hosting Control Panel. If needed, you could disable ModSecurity for a certain website or turn on the so-called detection mode in which case the firewall will still function and record information, but shall not do anything to stop possible attacks against your websites. Comprehensive logs will be accessible inside your Control Panel and you'll be able to see what type of attacks took place, what security rules were triggered and how the firewall dealt with the threats, what Internet protocol addresses the attacks came from, etc. We use 2 kinds of rules on our servers - commercial ones from a business which operates in the field of web security, and custom ones which our administrators occasionally include to respond to newly found risks on time.

ModSecurity in VPS Web Hosting

ModSecurity is provided with all Hepsia-based virtual private servers we offer and it will be activated automatically for every new domain or subdomain that you add on the machine. This way, any web app which you install shall be secured right from the start without doing anything personally on your end. The firewall could be managed via the section of the CP that has the same name. This is the place in whichyou can turn off ModSecurity or activate its passive mode, so it shall not take any action toward threats, but shall still maintain a detailed log. The recorded info is available in the same area as well and you will be able to see what IPs any attacks originated from so that you can block them, what the nature of the attempted attacks was and in accordance with what security rules ModSecurity responded. The rules that we employ on our servers are a combination between commercial ones that we obtain from a security firm and custom ones which are added by our administrators to maximize the protection of any web apps hosted on our end.

ModSecurity in Dedicated Servers Hosting

All of our dedicated servers that are installed with the Hepsia hosting Control Panel include ModSecurity, so any program you upload or install will be secured from the very beginning and you will not have to stress about common attacks or vulnerabilities. An individual section in Hepsia will allow you to start or stop the firewall for any domain or subdomain, or turn on a detection mode so that it records info about intrusions, but doesn't take actions to prevent them. What you'll see in the logs can allow you to to secure your websites better - the IP address an attack originated from, what site was attacked and exactly how, what ModSecurity rule was triggered, etcetera. With this data, you can see whether a website needs an update, whether you ought to block IPs from accessing your server, etc. In addition to the third-party commercial security rules for ModSecurity that we use, our administrators add custom ones as well every time they come across a new threat which is not yet in the commercial bundle.