ModSecurity is a plugin for Apache web servers which acts as a web app layer firewall. It is employed to stop attacks against script-driven sites by using security rules which contain particular expressions. This way, the firewall can prevent hacking and spamming attempts and protect even sites that aren't updated often. As an example, several failed login attempts to a script administrative area or attempts to execute a particular file with the intention to get access to the script shall trigger specific rules, so ModSecurity shall stop these activities the instant it detects them. The firewall is very efficient since it screens the entire HTTP traffic to an Internet site in real time without slowing it down, so it can stop an attack before any harm is done. It also keeps a very comprehensive log of all attack attempts that features more info than conventional Apache logs, so you can later analyze the data and take further measures to boost the security of your Internet sites if needed.

ModSecurity in Cloud Hosting

ModSecurity is offered with every cloud hosting package that we offer and it is activated by default for any domain or subdomain which you add via your Hepsia CP. In case it interferes with any of your applications or you would like to disable it for some reason, you will be able to accomplish that through the ModSecurity area of Hepsia with merely a mouse click. You may also activate a passive mode, so the firewall will identify potential attacks and keep a log, but will not take any action. You can see detailed logs in the same section, including the IP where the attack came from, what precisely the attacker attempted to do and at what time, what ModSecurity did, and so forth. For optimum security of our clients we use a set of commercial firewall rules mixed with custom ones which are provided by our system admins.

ModSecurity in Semi-dedicated Servers

Any web application you install within your new semi-dedicated server account will be protected by ModSecurity since the firewall comes with all our hosting packages and is switched on by default for any domain and subdomain which you include or create using your Hepsia hosting Control Panel. You will be able to manage ModSecurity via a dedicated section within Hepsia where not simply can you activate or deactivate it entirely, but you can also enable a passive mode, so the firewall won't block anything, but it'll still keep an archive of possible attacks. This normally requires simply a mouse click and you shall be able to see the logs no matter if ModSecurity is in active or passive mode through the same section - what the attack was and where it originated from, how it was addressed, etcetera. The firewall employs two sets of rules on our web servers - a commercial one that we get from a third-party web security company and a custom one which our admins update personally as to respond to newly discovered risks as fast as possible.

ModSecurity in VPS Servers

ModSecurity is pre-installed on all VPS servers which are provided with the Hepsia hosting CP, so your web apps will be secured from the moment your server is in a position. The firewall is activated by default for any domain or subdomain on the VPS, but if needed, you can deactivate it with a mouse click via the corresponding section of Hepsia. You may also set it to function in detection mode, so it'll keep an extensive log of any possible attacks without taking any action to prevent them. The logs are available in the same section and provide information about the nature of the attack, what IP address it came from and what ModSecurity rule was activated to stop it. For best security, we use not only commercial rules from a company operating in the field of web security, but also custom ones our administrators add manually so as to respond to new threats which are still not dealt with in the commercial rules.

ModSecurity in Dedicated Servers

ModSecurity is included with all dedicated servers that are set up with our Hepsia Control Panel and you'll not need to do anything specific on your end to employ it because it's enabled by default whenever you add a new domain or subdomain on your web server. In case it interferes with any of your programs, you shall be able to stop it via the respective section of Hepsia, or you can leave it operating in passive mode, so it'll recognize attacks and shall still keep a log for them, but shall not block them. You may analyze the logs later to find out what you can do to boost the safety of your sites as you'll find info such as where an intrusion attempt came from, what site was attacked and in accordance with what rule ModSecurity responded, and so forth. The rules that we use are commercial, therefore they are regularly updated by a security firm, but to be on the safe side, our staff also add custom rules from time to time in order to deal with any new threats they have found.