ModSecurity is a plugin for Apache web servers which acts as a web app layer firewall. It is used to stop attacks towards script-driven Internet sites through the use of security rules which contain specific expressions. That way, the firewall can block hacking and spamming attempts and preserve even websites which aren't updated frequently. For example, multiple unsuccessful login attempts to a script administrative area or attempts to execute a specific file with the intention to get access to the script will trigger particular rules, so ModSecurity will block these activities the instant it identifies them. The firewall is quite efficient because it screens the entire HTTP traffic to a website in real time without slowing it down, so it can easily stop an attack before any harm is done. It additionally maintains a very detailed log of all attack attempts which includes more information than standard Apache logs, so you could later examine the data and take extra measures to boost the security of your Internet sites if required.

ModSecurity in Web Hosting

ModSecurity is offered with each web hosting package that we offer and it is turned on by default for every domain or subdomain which you add via your Hepsia Control Panel. If it interferes with any of your apps or you'd like to disable it for whatever reason, you'll be able to achieve that through the ModSecurity section of Hepsia with simply a mouse click. You may also activate a passive mode, so the firewall will detect potential attacks and keep a log, but won't take any action. You'll be able to see extensive logs in the very same section, including the IP address where the attack originated from, what exactly the attacker attempted to do and at what time, what ModSecurity did, etc. For max protection of our clients we use a set of commercial firewall rules combined with custom ones which are added by our system administrators.

ModSecurity in Semi-dedicated Servers

ModSecurity is part of our semi-dedicated server plans and if you choose to host your sites with us, there will not be anything special you'll need to do as the firewall is activated by default for all domains and subdomains that you include through your hosting Control Panel. If needed, you'll be able to disable ModSecurity for a certain Internet site or switch on the so-called detection mode in which case the firewall will still function and record data, but shall not do anything to stop potential attacks on your sites. Thorough logs will be readily available in your CP and you'll be able to see which kind of attacks took place, what security rules were triggered and how the firewall handled the threats, what IP addresses the attacks originated from, etcetera. We use 2 kinds of rules on our servers - commercial ones from a business that operates in the field of web security, and customized ones which our admins occasionally include to respond to newly found risks in a timely manner.

ModSecurity in Dedicated Servers

ModSecurity is provided with all dedicated servers which are integrated with our Hepsia CP and you won't have to do anything specific on your end to employ it because it's enabled by default every time you add a new domain or subdomain on your web server. In case it disrupts some of your applications, you'll be able to stop it through the respective area of Hepsia, or you may leave it working in passive mode, so it shall recognize attacks and will still keep a log for them, but shall not stop them. You may examine the logs later to find out what you can do to increase the protection of your Internet sites since you'll find information such as where an intrusion attempt came from, what Internet site was attacked and based on what rule ModSecurity responded, etcetera. The rules which we use are commercial, thus they are frequently updated by a security firm, but to be on the safe side, our administrators also include custom rules once in a while in order to react to any new threats they have discovered.