ModSecurity is a plugin for Apache web servers that acts as a web application layer firewall. It is used to prevent attacks toward script-driven websites by employing security rules that contain specific expressions. In this way, the firewall can prevent hacking and spamming attempts and shield even sites which are not updated often. For instance, numerous failed login attempts to a script admin area or attempts to execute a specific file with the intention to get access to the script shall trigger specific rules, so ModSecurity will stop these activities the instant it detects them. The firewall is quite efficient as it monitors the entire HTTP traffic to a website in real time without slowing it down, so it will be able to stop an attack before any harm is done. It also maintains a very thorough log of all attack attempts which features more info than traditional Apache logs, so you can later examine the data and take further measures to improve the security of your websites if required.

ModSecurity in Web Hosting

ModSecurity can be found with every web hosting plan that we offer and it's switched on by default for every domain or subdomain which you add through your Hepsia Control Panel. In case it disrupts any of your apps or you would like to disable it for whatever reason, you will be able to achieve that through the ModSecurity section of Hepsia with just a click. You can also use a passive mode, so the firewall will detect possible attacks and keep a log, but shall not take any action. You can see detailed logs in the exact same section, including the IP address where the attack originated from, what precisely the attacker aimed to do and at what time, what ModSecurity did, and so forth. For max protection of our clients we use a set of commercial firewall rules blended with custom ones which are provided by our system admins.

ModSecurity in Semi-dedicated Servers

ModSecurity is a part of our semi-dedicated server packages and if you choose to host your Internet sites with our company, there won't be anything special you'll need to do given that the firewall is switched on by default for all domains and subdomains which you add via your hosting Control Panel. If necessary, you can disable ModSecurity for a certain Internet site or enable the so-called detection mode in which case the firewall shall still work and record information, but won't do anything to stop potential attacks against your Internet sites. Comprehensive logs shall be available in your Control Panel and you will be able to see what sort of attacks happened, what security rules were triggered and how the firewall addressed the threats, what Internet protocol addresses the attacks originated from, and so forth. We employ two kinds of rules on our servers - commercial ones from a company that operates in the field of web security, and custom made ones which our administrators sometimes include to respond to newly found risks on time.

ModSecurity in Dedicated Servers

All of our dedicated servers that are installed with the Hepsia hosting Control Panel come with ModSecurity, so any application you upload or set up shall be protected from the very beginning and you will not need to stress about common attacks or vulnerabilities. An individual section inside Hepsia will permit you to start or stop the firewall for each domain or subdomain, or switch on a detection mode so that it records details about intrusions, but doesn't take actions to stop them. What you shall discover in the logs can easily allow you to to secure your websites better - the IP an attack came from, what site was attacked and exactly how, what ModSecurity rule was triggered, and so on. With this data, you'll be able to see whether a website needs an update, if you ought to block IPs from accessing your server, and so on. Aside from the third-party commercial security rules for ModSecurity we use, our administrators add custom ones as well every time they discover a new threat that is not yet in the commercial bundle.