ModSecurity is a plugin for Apache web servers which acts as a web app layer firewall. It is employed to stop attacks towards script-driven sites by using security rules that contain certain expressions. That way, the firewall can stop hacking and spamming attempts and preserve even websites that are not updated often. For example, multiple failed login attempts to a script administrative area or attempts to execute a particular file with the intention to get access to the script will trigger specific rules, so ModSecurity will block out these activities the second it discovers them. The firewall is very efficient because it monitors the whole HTTP traffic to an Internet site in real time without slowing it down, so it can easily stop an attack before any damage is done. It furthermore keeps an incredibly thorough log of all attack attempts that includes more info than conventional Apache logs, so you could later examine the data and take additional measures to improve the security of your websites if needed.

ModSecurity in Shared Hosting

ModSecurity comes standard with all shared hosting plans which we supply and it shall be switched on automatically for any domain or subdomain which you add/create in your Hepsia hosting Control Panel. The firewall has three different modes, so you could switch on and disable it with only a click or set it to detection mode, so it'll maintain a log of all attacks, but it shall not do anything to stop them. The log for each of your websites shall contain in-depth information which includes the nature of the attack, where it originated from, what action was taken by ModSecurity, etcetera. The firewall rules we use are frequently updated and comprise of both commercial ones which we get from a third-party security business and custom ones our system admins add in case that they detect a new type of attacks. This way, the sites you host here shall be a lot more protected without any action expected on your end.

ModSecurity in Semi-dedicated Hosting

We've integrated ModSecurity as a standard inside all semi-dedicated hosting plans, so your web apps will be protected the instant you install them under any domain or subdomain. The Hepsia Control Panel that comes with the semi-dedicated accounts will allow you to switch on or disable the firewall for any Internet site with a click. You'll also have the ability to activate a passive detection mode in which ModSecurity will maintain a log of potential attacks without actually preventing them. The thorough logs contain the nature of the attack and what ModSecurity response that attack triggered, where it originated from, and so on. The list of rules we employ is constantly updated as to match any new risks which might appear on the Internet and it consists of both commercial rules that we get from a security firm and custom-written ones which our administrators add in the event that they discover a threat that is not present within the commercial list yet.

ModSecurity in VPS

Safety is of the utmost importance to us, so we install ModSecurity on all virtual private servers that are made available with the Hepsia Control Panel by default. The firewall can be managed through a dedicated section in Hepsia and is turned on automatically when you include a new domain or generate a subdomain, so you will not have to do anything by hand. You will also be able to deactivate it or switch on the so-called detection mode, so it will maintain a log of potential attacks which you can later examine, but won't prevent them. The logs in both passive and active modes include information regarding the kind of the attack and how it was prevented, what IP address it originated from and other valuable info which might help you to tighten the security of your Internet sites by updating them or blocking IPs, for instance. Besides the commercial rules that we get for ModSecurity from a third-party security company, we also implement our own rules as occasionally we find specific attacks that are not yet present within the commercial package. This way, we could boost the security of your VPS immediately as opposed to awaiting an official update.

ModSecurity in Dedicated Hosting

All our dedicated servers that are installed with the Hepsia hosting Control Panel come with ModSecurity, so any application you upload or install shall be properly secured from the very beginning and you will not have to bother about common attacks or vulnerabilities. An individual section inside Hepsia will allow you to start or stop the firewall for each domain or subdomain, or switch on a detection mode so that it records info about intrusions, but does not take actions to prevent them. What you shall discover in the logs can easily allow you to to secure your sites better - the IP an attack originated from, what site was attacked as well as how, what ModSecurity rule was triggered, and so forth. With this information, you could see whether a site needs an update, whether you need to block IPs from accessing your web server, and so on. Besides the third-party commercial security rules for ModSecurity which we use, our administrators include custom ones as well if they find a new threat which is not yet included in the commercial bundle.