ModSecurity is a plugin for Apache web servers which acts as a web app layer firewall. It is employed to stop attacks against script-driven Internet sites by employing security rules that contain specific expressions. This way, the firewall can stop hacking and spamming attempts and protect even sites that are not updated often. For instance, multiple failed login attempts to a script administrator area or attempts to execute a certain file with the objective to get access to the script shall trigger certain rules, so ModSecurity will block these activities the minute it detects them. The firewall is incredibly efficient since it tracks the entire HTTP traffic to a website in real time without slowing it down, so it could stop an attack before any damage is done. It additionally keeps a very detailed log of all attack attempts which includes more information than standard Apache logs, so you can later examine the data and take additional measures to enhance the security of your Internet sites if needed.

ModSecurity in Shared Website Hosting

We offer ModSecurity with all shared website hosting packages, so your Internet applications shall be resistant to malicious attacks. The firewall is turned on as standard for all domains and subdomains, but if you'd like, you will be able to stop it through the respective section of your Hepsia Control Panel. You'll be able to also switch on a detection mode, so ModSecurity will keep a log as intended, but will not take any action. The logs which you will discover within Hepsia are quite detailed and include data about the nature of any attack, when it transpired and from what IP address, the firewall rule that was triggered, etcetera. We use a group of commercial rules that are frequently updated, but sometimes our administrators include custom rules as well so as to better protect the Internet sites hosted on our servers.

ModSecurity in Semi-dedicated Hosting

ModSecurity is part of our semi-dedicated hosting plans and if you choose to host your Internet sites with our company, there shall not be anything special you'll need to do given that the firewall is turned on by default for all domains and subdomains you add through your hosting Control Panel. If necessary, you'll be able to disable ModSecurity for a certain website or switch on the so-called detection mode in which case the firewall will still function and record data, but won't do anything to prevent possible attacks against your sites. In depth logs shall be available within your CP and you'll be able to see what sort of attacks took place, what security rules were triggered and how the firewall dealt with the threats, what Internet protocol addresses the attacks originated from, and so on. We employ 2 types of rules on our servers - commercial ones from a business which operates in the field of web security, and custom made ones that our administrators sometimes add to respond to newly identified threats promptly.

ModSecurity in VPS

Protection is of the utmost importance to us, so we install ModSecurity on all virtual private servers that are made available with the Hepsia CP as a standard. The firewall can be managed through a dedicated section inside Hepsia and is turned on automatically when you add a new domain or generate a subdomain, so you will not need to do anything manually. You shall also be able to deactivate it or turn on the so-called detection mode, so it will keep a log of possible attacks that you can later study, but shall not stop them. The logs in both passive and active modes offer information about the kind of the attack and how it was stopped, what IP it originated from and other important info that might help you to tighten the security of your websites by updating them or blocking IPs, for instance. On top of the commercial rules which we get for ModSecurity from a third-party security company, we also implement our own rules as once in a while we identify specific attacks that are not yet present inside the commercial package. This way, we could increase the security of your VPS instantly rather than awaiting a certified update.

ModSecurity in Dedicated Hosting

ModSecurity is offered by default with all dedicated servers that are set up with the Hepsia Control Panel and is set to “Active” automatically for any domain that you host or subdomain which you create on the server. In case that a web application does not operate properly, you could either turn off the firewall or set it to function in passive mode. The latter means that ModSecurity shall keep a log of any potential attack that might take place, but won't take any action to stop it. The logs created in active or passive mode shall present you with more details about the exact file which was attacked, the type of the attack and the IP it came from, and so on. This data shall permit you to decide what measures you can take to improve the security of your sites, such as blocking IPs or carrying out script and plugin updates. The ModSecurity rules which we use are updated constantly with a commercial pack from a third-party security firm we work with, but sometimes our staff include their own rules as well if they identify a new potential threat.