ModSecurity is a plugin for Apache web servers which functions as a web application layer firewall. It is used to prevent attacks toward script-driven sites by employing security rules which contain specific expressions. This way, the firewall can block hacking and spamming attempts and shield even websites which aren't updated frequently. As an example, numerous unsuccessful login attempts to a script administrator area or attempts to execute a particular file with the objective to get access to the script shall trigger specific rules, so ModSecurity shall block these activities the second it identifies them. The firewall is incredibly efficient since it tracks the entire HTTP traffic to a site in real time without slowing it down, so it can prevent an attack before any harm is done. It also keeps a very comprehensive log of all attack attempts that features more info than traditional Apache logs, so you could later analyze the data and take additional measures to enhance the security of your websites if necessary.

ModSecurity in Shared Web Hosting

We offer ModSecurity with all shared web hosting solutions, so your web apps will be protected against malicious attacks. The firewall is switched on as standard for all domains and subdomains, but if you'd like, you shall be able to stop it via the respective part of your Hepsia CP. You can also switch on a detection mode, so ModSecurity will keep a log as intended, but won't take any action. The logs that you shall find inside Hepsia are extremely detailed and feature information about the nature of any attack, when it transpired and from what IP, the firewall rule that was triggered, etc. We employ a set of commercial rules which are regularly updated, but sometimes our administrators add custom rules as well in order to better protect the websites hosted on our servers.

ModSecurity in Semi-dedicated Servers

ModSecurity is a part of our semi-dedicated server plans and if you decide to host your websites with us, there won't be anything special you'll need to do given that the firewall is switched on by default for all domains and subdomains that you add using your hosting Control Panel. If necessary, you could disable ModSecurity for a certain Internet site or enable the so-called detection mode in which case the firewall will still work and record info, but will not do anything to prevent potential attacks on your sites. Thorough logs will be accessible inside your Control Panel and you shall be able to see which kind of attacks happened, what security rules were triggered and how the firewall handled the threats, what Internet protocol addresses the attacks originated from, etc. We employ 2 sorts of rules on our servers - commercial ones from an organization which operates in the field of web security, and customized ones which our administrators sometimes include to respond to newly discovered threats on time.

ModSecurity in VPS Servers

ModSecurity is provided with all Hepsia-based VPS servers which we offer and it'll be switched on automatically for any new domain or subdomain which you add on the server. That way, any web app that you install will be protected right from the start without doing anything manually on your end. The firewall can be managed via the section of the CP which has the same name. This is the area whereyou could disable ModSecurity or enable its passive mode, so it will not take any action toward threats, but shall still maintain a detailed log. The recorded data is available within the same area as well and you'll be able to see what IPs any attacks originated from to enable you to block them, what the nature of the attempted attacks was and based on what security rules ModSecurity reacted. The rules that we employ on our servers are a combination between commercial ones we obtain from a security organization and custom ones which are added by our admins to optimize the security of any web applications hosted on our end.

ModSecurity in Dedicated Servers

ModSecurity is available as standard with all dedicated servers that are set up with the Hepsia CP and is set to “Active” automatically for any domain that you host or subdomain which you create on the web server. In the event that a web application does not work properly, you may either switch off the firewall or set it to operate in passive mode. The latter means that ModSecurity will keep a log of any possible attack that might take place, but will not take any action to prevent it. The logs created in passive or active mode shall give you more details about the exact file that was attacked, the type of the attack and the IP it came from, and so on. This info will allow you to decide what actions you can take to increase the protection of your Internet sites, including blocking IPs or performing script and plugin updates. The ModSecurity rules we employ are updated frequently with a commercial pack from a third-party security enterprise we work with, but sometimes our administrators add their own rules as well if they discover a new potential threat.