ModSecurity is a plugin for Apache web servers that acts as a web application layer firewall. It's employed to prevent attacks against script-driven Internet sites by employing security rules which contain specific expressions. In this way, the firewall can stop hacking and spamming attempts and protect even sites that aren't updated regularly. For instance, multiple failed login attempts to a script administrative area or attempts to execute a specific file with the intention to get access to the script shall trigger particular rules, so ModSecurity will stop these activities the second it discovers them. The firewall is quite efficient because it screens the entire HTTP traffic to a website in real time without slowing it down, so it will be able to prevent an attack before any damage is done. It also maintains a very detailed log of all attack attempts that features more information than conventional Apache logs, so you can later check out the data and take extra measures to increase the security of your websites if needed.

ModSecurity in Shared Web Hosting

ModSecurity comes by default with all shared web hosting solutions that we offer and it'll be switched on automatically for any domain or subdomain which you add/create in your Hepsia hosting CP. The firewall has 3 different modes, so you can activate and deactivate it with just a mouse click or set it to detection mode, so it'll keep a log of all attacks, but it'll not do anything to prevent them. The log for any of your Internet sites shall include detailed information such as the nature of the attack, where it originated from, what action was taken by ModSecurity, etc. The firewall rules that we use are frequently updated and comprise of both commercial ones we get from a third-party security company and custom ones our system administrators include in the event that they detect a new sort of attacks. This way, the websites that you host here will be far more secure with no action needed on your end.

ModSecurity in Semi-dedicated Hosting

We've integrated ModSecurity by default in all semi-dedicated hosting packages, so your web apps shall be protected the instant you set them up under any domain or subdomain. The Hepsia Control Panel which comes with the semi-dedicated accounts shall allow you to activate or turn off the firewall for any website with a click. You will also be able to turn on a passive detection mode through which ModSecurity will keep a log of possible attacks without really stopping them. The thorough logs include the nature of the attack and what ModSecurity response that attack triggered, where it came from, etcetera. The list of rules which we use is frequently updated in order to match any new threats that could appear on the Internet and it comes with both commercial rules that we get from a security company and custom-written ones that our administrators include in the event that they find a threat that is not present inside the commercial list yet.

ModSecurity in VPS Web Hosting

ModSecurity comes with all Hepsia-based virtual private servers that we offer and it will be activated automatically for every new domain or subdomain that you include on the machine. That way, any web application that you install will be protected from the very beginning without doing anything by hand on your end. The firewall can be managed via the section of the CP that bears the same name. This is the location whereyou'll be able to turn off ModSecurity or let its passive mode, so it won't take any action against threats, but shall still keep a thorough log. The recorded information is available within the same section as well and you will be able to see what IPs any attacks came from so that you can block them, what the nature of the attempted attacks was and based upon what security rules ModSecurity reacted. The rules that we employ on our servers are a blend between commercial ones which we get from a security company and custom ones that are added by our staff to improve the protection of any web applications hosted on our end.

ModSecurity in Dedicated Servers Hosting

All our dedicated servers which are set up with the Hepsia hosting CP come with ModSecurity, so any app that you upload or set up will be secured from the very beginning and you'll not have to worry about common attacks or vulnerabilities. An independent section inside Hepsia will enable you to start or stop the firewall for any domain or subdomain, or switch on a detection mode so that it records information about intrusions, but doesn't take actions to prevent them. What you will discover in the logs can allow you to to secure your websites better - the IP address an attack came from, what site was attacked as well as how, what ModSecurity rule was triggered, etc. With this information, you could see if a site needs an update, whether you should block IPs from accessing your hosting server, etc. Aside from the third-party commercial security rules for ModSecurity we use, our admins include custom ones as well every time they discover a new threat that's not yet a part of the commercial bundle.