ModSecurity is a plugin for Apache web servers which acts as a web app layer firewall. It's employed to stop attacks towards script-driven sites by employing security rules which contain certain expressions. That way, the firewall can stop hacking and spamming attempts and preserve even sites which are not updated often. As an example, a number of unsuccessful login attempts to a script administrator area or attempts to execute a specific file with the intention to get access to the script will trigger certain rules, so ModSecurity will stop these activities the instant it detects them. The firewall is extremely efficient because it tracks the whole HTTP traffic to an Internet site in real time without slowing it down, so it will be able to stop an attack before any harm is done. It additionally maintains an incredibly comprehensive log of all attack attempts that contains more info than conventional Apache logs, so you can later analyze the data and take extra measures to boost the security of your sites if required.

ModSecurity in Cloud Website Hosting

ModSecurity is available with each and every cloud website hosting package which we offer and it is turned on by default for any domain or subdomain that you add through your Hepsia CP. If it interferes with any of your applications or you would like to disable it for any reason, you'll be able to accomplish that through the ModSecurity section of Hepsia with simply a click. You may also enable a passive mode, so the firewall will recognize potential attacks and maintain a log, but shall not take any action. You could see comprehensive logs in the exact same section, including the IP address where the attack originated from, what exactly the attacker attempted to do and at what time, what ModSecurity did, etcetera. For maximum safety of our customers we use a group of commercial firewall rules mixed with custom ones that are provided by our system administrators.

ModSecurity in Semi-dedicated Servers

All semi-dedicated server packages which we offer come with ModSecurity and because the firewall is switched on by default, any Internet site which you build under a domain or a subdomain will be secured right away. A separate section inside the Hepsia CP that comes with the semi-dedicated accounts is dedicated to ModSecurity and it will enable you to start and stop the firewall for any website or activate a detection mode. With the last mentioned, ModSecurity shall not take any action, but it shall still detect possible attacks and shall keep all data inside a log as if it were 100% active. The logs can be found within the same section of the CP and they feature information about the IP where an attack originated from, what its nature was, what rule ModSecurity applies to detect and stop it, etc. The security rules we use on our web servers are a mix between commercial ones from a security firm and custom ones developed by our system administrators. Therefore, we offer increased security for your web apps as we can protect them from attacks even before security corporations release updates for brand new threats.

ModSecurity in VPS Servers

ModSecurity is included with all Hepsia-based VPS servers that we offer and it will be activated automatically for every new domain or subdomain you add on the machine. That way, any web application that you install shall be secured immediately without doing anything personally on your end. The firewall could be handled via the section of the Control Panel which has the same name. This is the location in whichyou can disable ModSecurity or let its passive mode, so it will not take any action toward threats, but shall still maintain a comprehensive log. The recorded data is available in the same area as well and you'll be able to see what IPs any attacks came from to enable you to block them, what the nature of the attempted attacks was and in accordance with what security rules ModSecurity reacted. The rules that we employ on our servers are a mixture between commercial ones that we get from a security organization and custom ones that are included by our admins to maximize the security of any web apps hosted on our end.

ModSecurity in Dedicated Servers

If you decide to host your Internet sites on a dedicated server with the Hepsia CP, your web applications will be protected right away as ModSecurity is provided with all Hepsia-based solutions. You'll be able to manage the firewall without difficulty and if required, you'll be able to turn it off or activate its passive mode when it shall only maintain a log of what's occurring without taking any action to prevent possible attacks. The logs that you will find in the exact same section of the CP are very detailed and feature information about the attacker IP address, what website and file were attacked and in what way, what rule the firewall used to prevent the intrusion, and so on. This info shall permit you to take measures and boost the protection of your websites even more. To be on the safe side, we use not only commercial rules, but also custom-made ones which our administrators include every time they recognize attacks that have not yet been included inside the commercial pack.