ModSecurity is a plugin for Apache web servers which acts as a web application layer firewall. It's used to prevent attacks towards script-driven websites by using security rules that contain certain expressions. In this way, the firewall can prevent hacking and spamming attempts and shield even Internet sites that are not updated often. As an example, numerous failed login attempts to a script admin area or attempts to execute a particular file with the intention to get access to the script shall trigger particular rules, so ModSecurity will stop these activities the second it detects them. The firewall is incredibly efficient because it tracks the whole HTTP traffic to a website in real time without slowing it down, so it can easily stop an attack before any harm is done. It additionally keeps a very detailed log of all attack attempts that includes more information than typical Apache logs, so you could later examine the data and take extra measures to increase the security of your Internet sites if needed.

ModSecurity in Cloud Website Hosting

ModSecurity is provided with all cloud website hosting web servers, so when you choose to host your websites with our organization, they'll be shielded from an array of attacks. The firewall is enabled by default for all domains and subdomains, so there'll be nothing you'll have to do on your end. You'll be able to stop ModSecurity for any website if necessary, or to activate a detection mode, so all activity shall be recorded, but the firewall will not take any real action. You will be able to view comprehensive logs through your Hepsia CP including the IP address where the attack came from, what the attacker planned to do and how ModSecurity handled the threat. As we take the safety of our customers' sites very seriously, we use a selection of commercial rules which we take from one of the leading companies that maintain this kind of rules. Our admins also add custom rules to make sure that your Internet sites shall be resistant to as many risks as possible.

ModSecurity in Semi-dedicated Hosting

ModSecurity is a part of our semi-dedicated hosting packages and if you choose to host your sites with us, there won't be anything special you'll need to do as the firewall is activated by default for all domains and subdomains which you include through your hosting CP. If necessary, you'll be able to disable ModSecurity for a certain website or activate the so-called detection mode in which case the firewall will still work and record information, but shall not do anything to stop possible attacks against your Internet sites. Thorough logs shall be available in your CP and you shall be able to see what sort of attacks happened, what security rules were triggered and how the firewall dealt with the threats, what IP addresses the attacks originated from, etcetera. We use 2 sorts of rules on our servers - commercial ones from a company which operates in the field of web security, and customized ones that our administrators often add to respond to newly identified risks in a timely manner.

ModSecurity in VPS Web Hosting

Security is of the utmost importance to us, so we set up ModSecurity on all virtual private servers that are set up with the Hepsia CP by default. The firewall can be managed via a dedicated section in Hepsia and is turned on automatically when you include a new domain or generate a subdomain, so you won't need to do anything by hand. You shall also be able to disable it or switch on the so-called detection mode, so it will maintain a log of potential attacks which you can later examine, but will not prevent them. The logs in both passive and active modes offer details about the type of the attack and how it was stopped, what IP address it came from and other useful information which might help you to tighten the security of your Internet sites by updating them or blocking IPs, for instance. Besides the commercial rules we get for ModSecurity from a third-party security firm, we also implement our own rules because every now and then we find specific attacks which are not yet present in the commercial pack. That way, we could increase the security of your Virtual private server instantly rather than awaiting an official update.

ModSecurity in Dedicated Servers Hosting

All our dedicated servers which are installed with the Hepsia hosting Control Panel feature ModSecurity, so any app you upload or install shall be secured from the very beginning and you will not have to stress about common attacks or vulnerabilities. A separate section inside Hepsia will allow you to start or stop the firewall for each domain or subdomain, or activate a detection mode so that it records details about intrusions, but doesn't take actions to stop them. What you shall find in the logs shall help you to secure your Internet sites better - the IP an attack originated from, what site was attacked and exactly how, what ModSecurity rule was triggered, etc. With this data, you'll be able to see whether a site needs an update, if you need to block IPs from accessing your web server, and so forth. In addition to the third-party commercial security rules for ModSecurity which we use, our administrators include custom ones as well whenever they come across a new threat that is not yet a part of the commercial bundle.