ModSecurity is a plugin for Apache web servers that acts as a web app layer firewall. It's used to stop attacks towards script-driven sites by employing security rules that contain particular expressions. That way, the firewall can prevent hacking and spamming attempts and preserve even sites which aren't updated often. For example, a number of failed login attempts to a script administrator area or attempts to execute a particular file with the intention to get access to the script will trigger specific rules, so ModSecurity will block these activities the minute it detects them. The firewall is extremely efficient as it tracks the entire HTTP traffic to a website in real time without slowing it down, so it can easily stop an attack before any harm is done. It additionally maintains an incredibly detailed log of all attack attempts which features more info than typical Apache logs, so you could later examine the data and take extra measures to enhance the security of your websites if necessary.

ModSecurity in Cloud Hosting

ModSecurity is offered with every cloud hosting plan that we provide and it's turned on by default for every domain or subdomain which you add through your Hepsia Control Panel. In case it disrupts any of your apps or you would like to disable it for some reason, you will be able to accomplish that through the ModSecurity area of Hepsia with simply a mouse click. You could also enable a passive mode, so the firewall will recognize possible attacks and keep a log, but won't take any action. You can view detailed logs in the very same section, including the IP address where the attack came from, what exactly the attacker aimed to do and at what time, what ModSecurity did, and so on. For max safety of our customers we use a set of commercial firewall rules mixed with custom ones that are included by our system administrators.

ModSecurity in Semi-dedicated Servers

ModSecurity is a part of our semi-dedicated server packages and if you opt to host your websites with our company, there will not be anything special you'll need to do given that the firewall is turned on by default for all domains and subdomains that you add using your hosting Control Panel. If needed, you can disable ModSecurity for a particular website or switch on the so-called detection mode in which case the firewall will still operate and record data, but will not do anything to stop potential attacks against your websites. In depth logs shall be accessible inside your CP and you will be able to see what sort of attacks occurred, what security rules were triggered and how the firewall dealt with the threats, what IP addresses the attacks came from, and so on. We use two types of rules on our servers - commercial ones from an organization that operates in the field of web security, and custom ones that our administrators sometimes include to respond to newly discovered risks promptly.

ModSecurity in VPS Servers

Safety is extremely important to us, so we set up ModSecurity on all VPS servers which are provided with the Hepsia CP by default. The firewall can be managed through a dedicated section inside Hepsia and is switched on automatically when you include a new domain or generate a subdomain, so you'll not need to do anything personally. You'll also be able to disable it or activate the so-called detection mode, so it will maintain a log of possible attacks that you can later study, but will not stop them. The logs in both passive and active modes contain info regarding the form of the attack and how it was eliminated, what IP it originated from and other useful data that might help you to tighten the security of your sites by updating them or blocking IPs, as an example. In addition to the commercial rules which we get for ModSecurity from a third-party security firm, we also employ our own rules because from time to time we detect specific attacks that aren't yet present within the commercial package. This way, we could increase the protection of your VPS in a timely manner rather than awaiting an official update.

ModSecurity in Dedicated Servers

All of our dedicated servers which are installed with the Hepsia hosting CP come with ModSecurity, so any app which you upload or install will be secured from the very beginning and you won't need to worry about common attacks or vulnerabilities. An independent section within Hepsia will enable you to start or stop the firewall for any domain or subdomain, or turn on a detection mode so that it records information regarding intrusions, but doesn't take actions to prevent them. What you shall see in the logs can easily enable you to to secure your Internet sites better - the IP an attack came from, what website was attacked and in what way, what ModSecurity rule was triggered, and so on. With this info, you'll be able to see whether an Internet site needs an update, if you should block IPs from accessing your hosting server, etcetera. Aside from the third-party commercial security rules for ModSecurity we use, our admins include custom ones too whenever they discover a new threat that's not yet a part of the commercial bundle.