ModSecurity is a plugin for Apache web servers which functions as a web application layer firewall. It is used to prevent attacks toward script-driven websites by employing security rules which contain particular expressions. In this way, the firewall can stop hacking and spamming attempts and protect even sites which are not updated on a regular basis. As an example, several unsuccessful login attempts to a script administrative area or attempts to execute a specific file with the objective to get access to the script will trigger particular rules, so ModSecurity shall stop these activities the minute it identifies them. The firewall is very efficient because it tracks the whole HTTP traffic to a website in real time without slowing it down, so it could stop an attack before any harm is done. It also maintains an incredibly detailed log of all attack attempts that includes more information than typical Apache logs, so you can later check out the data and take extra measures to improve the security of your websites if needed.

ModSecurity in Cloud Hosting

ModSecurity is available with each and every cloud hosting plan that we offer and it is turned on by default for any domain or subdomain which you include through your Hepsia Control Panel. If it disrupts any of your applications or you would like to disable it for any reason, you'll be able to do that through the ModSecurity section of Hepsia with just a mouse click. You may also activate a passive mode, so the firewall will discover potential attacks and maintain a log, but won't take any action. You'll be able to see comprehensive logs in the same section, including the IP where the attack came from, what precisely the attacker aimed to do and at what time, what ModSecurity did, and so on. For max security of our customers we use a collection of commercial firewall rules blended with custom ones which are included by our system administrators.

ModSecurity in Semi-dedicated Hosting

ModSecurity is a part of our semi-dedicated hosting solutions and if you opt to host your websites with us, there will not be anything special you will have to do as the firewall is switched on by default for all domains and subdomains that you include using your hosting Control Panel. If needed, you can disable ModSecurity for a given Internet site or turn on the so-called detection mode in which case the firewall shall still function and record information, but will not do anything to stop possible attacks against your websites. In depth logs shall be accessible inside your Control Panel and you'll be able to see what sort of attacks happened, what security rules were triggered and how the firewall handled the threats, what Internet protocol addresses the attacks originated from, and so on. We use two types of rules on our servers - commercial ones from a firm that operates in the field of web security, and custom ones that our admins sometimes add to respond to newly identified risks in a timely manner.

ModSecurity in VPS Web Hosting

ModSecurity is provided with all Hepsia-based virtual private servers that we offer and it shall be switched on automatically for any new domain or subdomain you include on the web server. This way, any web application that you install will be protected immediately without doing anything personally on your end. The firewall can be handled via the section of the CP which bears the same name. This is the location whereyou can switch off ModSecurity or let its passive mode, so it shall not take any action toward threats, but shall still keep a comprehensive log. The recorded information is available within the same area as well and you will be able to see what IPs any attacks originated from to enable you to stop them, what the nature of the attempted attacks was and based on what security rules ModSecurity reacted. The rules that we use on our servers are a mixture between commercial ones which we obtain from a security organization and custom ones which are included by our staff to maximize the security of any web applications hosted on our end.

ModSecurity in Dedicated Servers Hosting

ModSecurity comes with all dedicated servers which are set up with our Hepsia Control Panel and you won't have to do anything specific on your end to use it since it is enabled by default each time you include a new domain or subdomain on your web server. In the event that it interferes with any of your apps, you will be able to stop it via the respective area of Hepsia, or you could leave it working in passive mode, so it will detect attacks and shall still maintain a log for them, but won't stop them. You'll be able to examine the logs later to determine what you can do to increase the security of your sites as you will find details such as where an intrusion attempt came from, what website was attacked and based upon what rule ModSecurity responded, and so on. The rules which we employ are commercial, therefore they are constantly updated by a security company, but to be on the safe side, our staff also include custom rules occasionally in order to respond to any new threats they have found.