ModSecurity is a plugin for Apache web servers that acts as a web app layer firewall. It's used to prevent attacks towards script-driven sites through the use of security rules which contain specific expressions. In this way, the firewall can block hacking and spamming attempts and preserve even sites that are not updated on a regular basis. For example, several unsuccessful login attempts to a script admin area or attempts to execute a specific file with the objective to get access to the script will trigger particular rules, so ModSecurity will block these activities the minute it detects them. The firewall is incredibly efficient because it monitors the whole HTTP traffic to a website in real time without slowing it down, so it will be able to prevent an attack before any harm is done. It also maintains an incredibly detailed log of all attack attempts that contains more information than standard Apache logs, so you could later check out the data and take additional measures to enhance the security of your websites if necessary.

ModSecurity in Website Hosting

ModSecurity is provided with all website hosting servers, so when you opt to host your sites with our firm, they'll be shielded from a wide array of attacks. The firewall is enabled by default for all domains and subdomains, so there shall be nothing you shall need to do on your end. You will be able to stop ModSecurity for any website if necessary, or to switch on a detection mode, so all activity shall be recorded, but the firewall won't take any real action. You will be able to view specific logs using your Hepsia Control Panel including the IP where the attack came from, what the attacker planned to do and how ModSecurity handled the threat. Since we take the protection of our customers' Internet sites seriously, we employ a selection of commercial rules that we get from one of the top companies which maintain this sort of rules. Our admins also include custom rules to ensure that your Internet sites will be protected against as many risks as possible.

ModSecurity in Semi-dedicated Servers

All semi-dedicated server solutions that we offer feature ModSecurity and given that the firewall is turned on by default, any site which you create under a domain or a subdomain shall be protected right from the start. A separate section in the Hepsia Control Panel that comes with the semi-dedicated accounts is dedicated to ModSecurity and it will enable you to start and stop the firewall for any website or activate a detection mode. With the last mentioned, ModSecurity won't take any action, but it'll still identify possible attacks and will keep all information in a log as if it were fully active. The logs could be found in the very same section of the CP and they include info about the IP where an attack came from, what its nature was, what rule ModSecurity applies to identify and stop it, and so on. The security rules which we use on our machines are a mix of commercial ones from a security business and custom ones developed by our system admins. Consequently, we provide higher security for your web programs as we can protect them from attacks even before security firms release updates for brand new threats.

ModSecurity in VPS Servers

ModSecurity is included with all Hepsia-based VPS servers that we offer and it will be activated automatically for any new domain or subdomain that you include on the server. That way, any web app which you install shall be secured from the very beginning without doing anything by hand on your end. The firewall can be managed via the section of the Control Panel that bears the same name. This is the area whereyou could turn off ModSecurity or let its passive mode, so it will not take any action against threats, but shall still maintain a thorough log. The recorded data is available in the same area as well and you will be able to see what IPs any attacks came from to enable you to stop them, what the nature of the attempted attacks was and based on what security rules ModSecurity responded. The rules that we use on our servers are a mix between commercial ones we get from a security organization and custom ones that are added by our admins to maximize the security of any web applications hosted on our end.

ModSecurity in Dedicated Servers

ModSecurity comes with all dedicated servers that are integrated with our Hepsia Control Panel and you won't have to do anything specific on your end to employ it since it's switched on by default each time you include a new domain or subdomain on your web server. If it disrupts some of your applications, you'll be able to stop it via the respective part of Hepsia, or you could leave it operating in passive mode, so it will detect attacks and shall still keep a log for them, but won't block them. You can analyze the logs later to learn what you can do to boost the security of your sites since you'll find details such as where an intrusion attempt came from, what website was attacked and based upon what rule ModSecurity responded, and so forth. The rules that we use are commercial, therefore they're frequently updated by a security provider, but to be on the safe side, our admins also include custom rules once in a while as to deal with any new threats they have identified.