ModSecurity is a plugin for Apache web servers which functions as a web app layer firewall. It is employed to prevent attacks towards script-driven websites by using security rules which contain particular expressions. This way, the firewall can prevent hacking and spamming attempts and protect even sites that aren't updated on a regular basis. For instance, multiple failed login attempts to a script admin area or attempts to execute a specific file with the purpose to get access to the script will trigger specific rules, so ModSecurity will block out these activities the second it identifies them. The firewall is extremely efficient because it monitors the whole HTTP traffic to an Internet site in real time without slowing it down, so it could prevent an attack before any damage is done. It additionally maintains a very comprehensive log of all attack attempts which features more info than typical Apache logs, so you can later analyze the data and take extra measures to boost the security of your websites if needed.

ModSecurity in Website Hosting

ModSecurity is provided with all website hosting web servers, so if you decide to host your sites with our company, they shall be shielded from a wide array of attacks. The firewall is turned on by default for all domains and subdomains, so there shall be nothing you'll need to do on your end. You will be able to stop ModSecurity for any website if necessary, or to switch on a detection mode, so that all activity shall be recorded, but the firewall won't take any real action. You'll be able to view detailed logs through your Hepsia Control Panel including the IP where the attack originated from, what the attacker planned to do and how ModSecurity handled the threat. Since we take the protection of our customers' websites seriously, we use a set of commercial rules which we get from one of the top companies which maintain this kind of rules. Our admins also include custom rules to make sure that your Internet sites shall be protected against as many threats as possible.

ModSecurity in Semi-dedicated Servers

All semi-dedicated server solutions that we offer include ModSecurity and since the firewall is enabled by default, any site which you build under a domain or a subdomain shall be secured immediately. An individual section inside the Hepsia CP which comes with the semi-dedicated accounts is devoted to ModSecurity and it will allow you to start and stop the firewall for any site or switch on a detection mode. With the last option, ModSecurity won't take any action, but it shall still recognize possible attacks and will keep all info inside a log as if it were 100% active. The logs can be found inside the exact same section of the CP and they include specifics about the IP where an attack originated from, what its nature was, what rule ModSecurity applies to recognize and stop it, etc. The security rules we use on our machines are a mix between commercial ones from a security company and custom ones created by our system admins. Therefore, we provide greater security for your web apps as we can shield them from attacks before security corporations release updates for completely new threats.

ModSecurity in VPS Servers

ModSecurity is pre-installed on all VPS servers that are set up with the Hepsia hosting CP, so your web applications shall be protected from the second your server is ready. The firewall is activated by default for any domain or subdomain on the Virtual Private Server, but if necessary, you can disable it with a click of your mouse from the corresponding section of Hepsia. You may also set it to operate in detection mode, so it shall keep a comprehensive log of any possible attacks without taking any action to stop them. The logs are available within the exact same section and include information regarding the nature of the attack, what IP address it originated from and what ModSecurity rule was initiated to stop it. For best security, we use not just commercial rules from a firm working in the field of web security, but also custom ones our administrators add personally so as to respond to new threats that are still not dealt with in the commercial rules.

ModSecurity in Dedicated Servers

All our dedicated servers which are set up with the Hepsia hosting CP feature ModSecurity, so any application that you upload or install will be properly secured from the very beginning and you won't have to bother about common attacks or vulnerabilities. An independent section in Hepsia will allow you to start or stop the firewall for every domain or subdomain, or switch on a detection mode so that it records info about intrusions, but doesn't take actions to stop them. What you'll see in the logs shall help you to secure your sites better - the IP an attack came from, what website was attacked and exactly how, what ModSecurity rule was triggered, etc. With this information, you could see if a site needs an update, if you ought to block IPs from accessing your web server, etc. Besides the third-party commercial security rules for ModSecurity which we use, our admins include custom ones too every time they discover a new threat that's not yet included in the commercial bundle.