ModSecurity is a plugin for Apache web servers that acts as a web app layer firewall. It is employed to stop attacks against script-driven Internet sites by using security rules that contain certain expressions. This way, the firewall can prevent hacking and spamming attempts and shield even websites that are not updated frequently. As an example, several unsuccessful login attempts to a script administrator area or attempts to execute a particular file with the intention to get access to the script shall trigger specific rules, so ModSecurity shall block these activities the second it identifies them. The firewall is incredibly efficient because it tracks the whole HTTP traffic to an Internet site in real time without slowing it down, so it could stop an attack before any damage is done. It additionally keeps an incredibly comprehensive log of all attack attempts that features more information than standard Apache logs, so you can later examine the data and take extra measures to enhance the security of your websites if necessary.

ModSecurity in Cloud Web Hosting

ModSecurity comes by default with all cloud web hosting plans that we supply and it'll be turned on automatically for any domain or subdomain that you add/create in your Hepsia hosting CP. The firewall has 3 different modes, so you could switch on and disable it with only a mouse click or set it to detection mode, so it shall maintain a log of all attacks, but it will not do anything to stop them. The log for each of your sites will include in-depth info such as the nature of the attack, where it came from, what action was taken by ModSecurity, and so on. The firewall rules we use are regularly updated and incorporate both commercial ones that we get from a third-party security firm and custom ones that our system admins include in the event that they detect a new kind of attacks. In this way, the sites which you host here will be much more protected without any action needed on your end.

ModSecurity in Semi-dedicated Hosting

Any web application which you set up in your new semi-dedicated hosting account will be protected by ModSecurity since the firewall is included with all our hosting packages and is switched on by default for any domain and subdomain that you add or create via your Hepsia hosting Control Panel. You will be able to manage ModSecurity via a dedicated section inside Hepsia where not simply could you activate or deactivate it fully, but you may also switch on a passive mode, so the firewall shall not block anything, but it shall still keep a record of potential attacks. This takes just a mouse click and you'll be able to look at the logs no matter if ModSecurity is in active or passive mode through the same section - what the attack was and where it originated from, how it was taken care of, and so on. The firewall uses two groups of rules on our web servers - a commercial one which we get from a third-party web security company and a custom one that our administrators update personally as to respond to newly discovered threats as quickly as possible.

ModSecurity in VPS Hosting

ModSecurity comes with all Hepsia-based virtual private servers which we offer and it'll be activated automatically for any new domain or subdomain which you include on the server. This way, any web app which you install will be protected from the very beginning without doing anything manually on your end. The firewall could be handled from the section of the Control Panel that bears the same name. This is the area whereyou'll be able to disable ModSecurity or activate its passive mode, so it will not take any action towards threats, but shall still keep a thorough log. The recorded data is available in the same section as well and you shall be able to see what IPs any attacks came from so that you can stop them, what the nature of the attempted attacks was and in accordance with what security rules ModSecurity reacted. The rules which we use on our servers are a mix between commercial ones that we obtain from a security company and custom ones that are included by our staff to enhance the protection of any web apps hosted on our end.

ModSecurity in Dedicated Web Hosting

ModSecurity is provided as standard with all dedicated servers that are set up with the Hepsia CP and is set to “Active” automatically for any domain which you host or subdomain which you create on the server. In the event that a web app does not operate correctly, you could either disable the firewall or set it to function in passive mode. The latter means that ModSecurity will maintain a log of any potential attack that might happen, but won't take any action to prevent it. The logs created in passive or active mode will provide you with additional details about the exact file that was attacked, the type of the attack and the IP it came from, etcetera. This info shall permit you to decide what steps you can take to boost the safety of your Internet sites, such as blocking IPs or performing script and plugin updates. The ModSecurity rules which we employ are updated frequently with a commercial bundle from a third-party security provider we work with, but sometimes our staff add their own rules as well in case they find a new potential threat.