ModSecurity is a plugin for Apache web servers which functions as a web app layer firewall. It's employed to stop attacks towards script-driven websites through the use of security rules which contain certain expressions. In this way, the firewall can prevent hacking and spamming attempts and protect even websites that aren't updated regularly. For instance, multiple failed login attempts to a script administrative area or attempts to execute a certain file with the objective to get access to the script shall trigger specific rules, so ModSecurity will stop these activities the instant it identifies them. The firewall is extremely efficient because it screens the entire HTTP traffic to a site in real time without slowing it down, so it can prevent an attack before any harm is done. It furthermore maintains a very detailed log of all attack attempts that features more information than typical Apache logs, so you can later analyze the data and take extra measures to enhance the security of your sites if needed.

ModSecurity in Cloud Website Hosting

ModSecurity is provided with all cloud website hosting servers, so when you choose to host your websites with our company, they'll be protected against a wide range of attacks. The firewall is enabled by default for all domains and subdomains, so there shall be nothing you'll need to do on your end. You'll be able to stop ModSecurity for any website if required, or to enable a detection mode, so all activity will be recorded, but the firewall won't take any real action. You'll be able to view comprehensive logs via your Hepsia CP including the IP where the attack originated from, what the attacker wanted to do and how ModSecurity dealt with the threat. As we take the safety of our customers' Internet sites very seriously, we use a collection of commercial rules that we get from one of the leading companies which maintain this sort of rules. Our admins also add custom rules to make sure that your Internet sites shall be shielded from as many risks as possible.

ModSecurity in Semi-dedicated Hosting

We have incorporated ModSecurity by default in all semi-dedicated hosting packages, so your web applications shall be protected the instant you install them under any domain or subdomain. The Hepsia Control Panel which comes with the semi-dedicated accounts shall allow you to switch on or disable the firewall for any Internet site with a click. You'll also be able to activate a passive detection mode in which ModSecurity shall keep a log of possible attacks without actually preventing them. The detailed logs include things like the nature of the attack and what ModSecurity response this attack generated, where it came from, etcetera. The list of rules that we use is frequently updated as to match any new threats which might appear on the Internet and it consists of both commercial rules that we get from a security company and custom-written ones that our admins include in case they find a threat that's not present inside the commercial list yet.

ModSecurity in VPS Web Hosting

ModSecurity is provided with all Hepsia-based virtual private servers we offer and it will be switched on automatically for every new domain or subdomain that you add on the machine. This way, any web application you install shall be secured immediately without doing anything by hand on your end. The firewall can be handled via the section of the CP which bears the same name. This is the location whereyou can disable ModSecurity or let its passive mode, so it won't take any action towards threats, but shall still maintain a thorough log. The recorded information is available in the same section as well and you'll be able to see what IPs any attacks originated from so that you can stop them, what the nature of the attempted attacks was and in accordance with what security rules ModSecurity reacted. The rules which we use on our servers are a combination between commercial ones which we get from a security organization and custom ones that are included by our administrators to optimize the protection of any web applications hosted on our end.

ModSecurity in Dedicated Servers Hosting

ModSecurity is provided with all dedicated servers that are set up with our Hepsia CP and you will not need to do anything specific on your end to use it since it is turned on by default whenever you add a new domain or subdomain on your hosting server. In case it interferes with any of your apps, you'll be able to stop it via the respective section of Hepsia, or you may leave it working in passive mode, so it'll detect attacks and will still keep a log for them, but won't prevent them. You could examine the logs later to find out what you can do to enhance the security of your sites as you will find details such as where an intrusion attempt originated from, what site was attacked and based upon what rule ModSecurity reacted, and so on. The rules which we employ are commercial, hence they are frequently updated by a security provider, but to be on the safe side, our admins also add custom rules every now and then as to deal with any new threats they have identified.