ModSecurity is a plugin for Apache web servers which acts as a web application layer firewall. It is employed to prevent attacks against script-driven websites through the use of security rules which contain specific expressions. This way, the firewall can stop hacking and spamming attempts and preserve even sites that aren't updated often. For instance, a number of failed login attempts to a script administrator area or attempts to execute a particular file with the objective to get access to the script shall trigger particular rules, so ModSecurity shall block out these activities the second it discovers them. The firewall is incredibly efficient because it monitors the entire HTTP traffic to a website in real time without slowing it down, so it will be able to prevent an attack before any harm is done. It furthermore maintains a very thorough log of all attack attempts which features more info than typical Apache logs, so you can later check out the data and take extra measures to enhance the security of your websites if required.

ModSecurity in Shared Hosting

ModSecurity is offered with every single shared hosting solution that we offer and it is switched on by default for every domain or subdomain that you add via your Hepsia CP. If it disrupts any of your programs or you'd like to disable it for some reason, you'll be able to achieve that through the ModSecurity section of Hepsia with only a mouse click. You can also enable a passive mode, so the firewall will identify potential attacks and maintain a log, but will not take any action. You'll be able to see detailed logs in the same section, including the IP where the attack originated from, what exactly the attacker aimed to do and at what time, what ModSecurity did, and so on. For maximum security of our clients we use a collection of commercial firewall rules blended with custom ones which are provided by our system admins.

ModSecurity in Semi-dedicated Servers

All semi-dedicated server solutions which we offer feature ModSecurity and because the firewall is switched on by default, any website which you set up under a domain or a subdomain shall be secured immediately. An independent section in the Hepsia Control Panel which comes with the semi-dedicated accounts is dedicated to ModSecurity and it shall allow you to start and stop the firewall for any site or enable a detection mode. With the last option, ModSecurity won't take any action, but it will still identify possible attacks and shall keep all info in a log as if it were 100% active. The logs could be found within the same section of the CP and they include specifics about the IP where an attack originated from, what its nature was, what rule ModSecurity applies to identify and stop it, and so on. The security rules we employ on our servers are a mix of commercial ones from a security company and custom ones developed by our system admins. Therefore, we offer higher security for your web programs as we can shield them from attacks even before security corporations release updates for brand new threats.

ModSecurity in VPS Servers

ModSecurity is pre-installed on all VPS servers which are provided with the Hepsia hosting Control Panel, so your web programs shall be protected from the instant your server is in a position. The firewall is turned on by default for any domain or subdomain on the VPS, but if required, you'll be able to disable it with a mouse click via the corresponding section of Hepsia. You may also set it to work in detection mode, so it'll keep a detailed log of any potential attacks without taking any action to stop them. The logs are available inside the exact same section and provide details about the nature of the attack, what IP address it came from and what ModSecurity rule was triggered to stop it. For maximum security, we use not simply commercial rules from a firm working in the field of web security, but also custom ones which our administrators include personally so as to react to new threats which are still not dealt with in the commercial rules.

ModSecurity in Dedicated Servers

If you decide to host your Internet sites on a dedicated server with the Hepsia CP, your web programs shall be secured right away since ModSecurity is supplied with all Hepsia-based plans. You will be able to regulate the firewall with ease and if needed, you shall be able to turn it off or activate its passive mode when it will only maintain a log of what's taking place without taking any action to prevent possible attacks. The logs which you can find within the exact same section of the Control Panel are very detailed and contain info about the attacker IP, what website and file were attacked and in what ways, what rule the firewall used to prevent the intrusion, etcetera. This info shall enable you to take measures and improve the security of your sites even more. To be on the safe side, we employ not just commercial rules, but also custom-made ones that our admins include when they identify attacks which haven't yet been included inside the commercial pack.