ModSecurity is a plugin for Apache web servers that functions as a web app layer firewall. It is used to prevent attacks toward script-driven Internet sites through the use of security rules which contain certain expressions. This way, the firewall can prevent hacking and spamming attempts and shield even websites which are not updated often. For instance, numerous failed login attempts to a script administrative area or attempts to execute a particular file with the objective to get access to the script will trigger particular rules, so ModSecurity will stop these activities the second it identifies them. The firewall is very efficient since it monitors the whole HTTP traffic to an Internet site in real time without slowing it down, so it will be able to stop an attack before any harm is done. It also maintains a very comprehensive log of all attack attempts that contains more info than traditional Apache logs, so you can later analyze the data and take additional measures to enhance the security of your sites if needed.

ModSecurity in Shared Hosting

ModSecurity is available on all shared hosting machines, so when you choose to host your websites with our business, they shall be shielded from an array of attacks. The firewall is enabled as standard for all domains and subdomains, so there'll be nothing you will need to do on your end. You will be able to stop ModSecurity for any site if needed, or to activate a detection mode, so all activity shall be recorded, but the firewall shall not take any real action. You shall be able to view specific logs through your Hepsia CP including the IP address where the attack came from, what the attacker wished to do and how ModSecurity dealt with the threat. As we take the security of our customers' Internet sites very seriously, we employ a set of commercial rules which we get from one of the leading companies which maintain this sort of rules. Our admins also add custom rules to make certain that your websites will be resistant to as many risks as possible.

ModSecurity in Semi-dedicated Servers

ModSecurity is a part of our semi-dedicated server packages and if you decide to host your websites with us, there will not be anything special you'll have to do since the firewall is activated by default for all domains and subdomains that you add using your hosting CP. If needed, you'll be able to disable ModSecurity for a certain website or activate the so-called detection mode in which case the firewall shall still work and record data, but shall not do anything to prevent possible attacks against your sites. Detailed logs shall be available inside your CP and you will be able to see what sort of attacks happened, what security rules were triggered and how the firewall handled the threats, what IP addresses the attacks came from, and so on. We use two kinds of rules on our servers - commercial ones from an organization which operates in the field of web security, and customized ones that our admins often add to respond to newly found threats promptly.

ModSecurity in VPS Servers

ModSecurity comes with all Hepsia-based VPS servers which we offer and it shall be activated automatically for every new domain or subdomain that you include on the server. That way, any web application you install shall be protected from the very beginning without doing anything personally on your end. The firewall could be managed from the section of the Control Panel that has the same name. This is the location in whichyou'll be able to disable ModSecurity or enable its passive mode, so it won't take any action toward threats, but shall still keep a thorough log. The recorded information is available in the same area as well and you will be able to see what IPs any attacks originated from so that you can block them, what the nature of the attempted attacks was and based on what security rules ModSecurity responded. The rules that we employ on our servers are a combination between commercial ones which we obtain from a security company and custom ones that are included by our staff to maximize the security of any web applications hosted on our end.

ModSecurity in Dedicated Servers

All of our dedicated servers which are set up with the Hepsia hosting CP feature ModSecurity, so any application you upload or install will be properly secured from the very beginning and you'll not have to stress about common attacks or vulnerabilities. An independent section in Hepsia will allow you to start or stop the firewall for each and every domain or subdomain, or turn on a detection mode so that it records details about intrusions, but doesn't take actions to prevent them. What you'll find in the logs can help you to secure your Internet sites better - the IP address an attack came from, what website was attacked and in what way, what ModSecurity rule was triggered, etc. With this information, you can see if an Internet site needs an update, whether you ought to block IPs from accessing your hosting server, and so forth. Aside from the third-party commercial security rules for ModSecurity which we use, our admins add custom ones as well every time they come across a new threat that is not yet a part of the commercial bundle.