ModSecurity is a plugin for Apache web servers that acts as a web app layer firewall. It's used to prevent attacks against script-driven websites by using security rules which contain certain expressions. That way, the firewall can stop hacking and spamming attempts and preserve even Internet sites which aren't updated on a regular basis. For example, multiple failed login attempts to a script admin area or attempts to execute a particular file with the intention to get access to the script will trigger particular rules, so ModSecurity will stop these activities the minute it identifies them. The firewall is very efficient because it monitors the entire HTTP traffic to a website in real time without slowing it down, so it could stop an attack before any damage is done. It furthermore maintains a very thorough log of all attack attempts that features more info than conventional Apache logs, so you can later check out the data and take further measures to enhance the security of your sites if required.

ModSecurity in Cloud Web Hosting

ModSecurity is available with every cloud web hosting solution which we offer and it is switched on by default for any domain or subdomain that you include via your Hepsia CP. If it disrupts any of your apps or you'd like to disable it for whatever reason, you'll be able to do this through the ModSecurity area of Hepsia with simply a mouse click. You can also activate a passive mode, so the firewall will detect possible attacks and keep a log, but shall not take any action. You'll be able to view extensive logs in the exact same section, including the IP where the attack originated from, exactly what the attacker attempted to do and at what time, what ModSecurity did, etcetera. For max protection of our clients we use a collection of commercial firewall rules blended with custom ones that are provided by our system administrators.

ModSecurity in Semi-dedicated Servers

ModSecurity is part of our semi-dedicated server plans and if you opt to host your Internet sites with us, there won't be anything special you'll need to do since the firewall is activated by default for all domains and subdomains which you include through your hosting CP. If required, you'll be able to disable ModSecurity for a certain website or switch on the so-called detection mode in which case the firewall shall still operate and record data, but won't do anything to stop potential attacks on your sites. Thorough logs will be accessible inside your CP and you will be able to see which kind of attacks took place, what security rules were triggered and how the firewall addressed the threats, what IP addresses the attacks came from, and so forth. We employ two sorts of rules on our servers - commercial ones from a company that operates in the field of web security, and custom ones which our administrators occasionally include to respond to newly found threats promptly.

ModSecurity in VPS Servers

Protection is very important to us, so we set up ModSecurity on all VPS servers which are made available with the Hepsia CP as a standard. The firewall could be managed via a dedicated section inside Hepsia and is activated automatically when you include a new domain or create a subdomain, so you won't have to do anything by hand. You shall also be able to deactivate it or activate the so-called detection mode, so it shall maintain a log of potential attacks which you can later analyze, but shall not prevent them. The logs in both passive and active modes offer information regarding the type of the attack and how it was eliminated, what IP it originated from and other valuable data that may help you to tighten the security of your sites by updating them or blocking IPs, for instance. Besides the commercial rules which we get for ModSecurity from a third-party security enterprise, we also employ our own rules since from time to time we detect specific attacks that are not yet present within the commercial package. This way, we could enhance the security of your VPS right away as opposed to awaiting an official update.

ModSecurity in Dedicated Servers

ModSecurity is provided with all dedicated servers that are integrated with our Hepsia CP and you will not have to do anything specific on your end to employ it since it's enabled by default whenever you include a new domain or subdomain on your hosting server. In case it interferes with any of your applications, you will be able to stop it through the respective part of Hepsia, or you can leave it operating in passive mode, so it'll recognize attacks and shall still keep a log for them, but won't stop them. You'll be able to analyze the logs later to find out what you can do to improve the security of your Internet sites since you'll find info such as where an intrusion attempt originated from, what Internet site was attacked and in accordance with what rule ModSecurity responded, etc. The rules that we employ are commercial, therefore they are frequently updated by a security firm, but to be on the safe side, our admins also include custom rules occasionally as to respond to any new threats they have found.