ModSecurity is a plugin for Apache web servers that functions as a web application layer firewall. It is used to prevent attacks toward script-driven sites through the use of security rules that contain certain expressions. In this way, the firewall can stop hacking and spamming attempts and preserve even sites that are not updated on a regular basis. As an example, numerous unsuccessful login attempts to a script administrative area or attempts to execute a particular file with the intention to get access to the script will trigger specific rules, so ModSecurity will block these activities the moment it discovers them. The firewall is extremely efficient since it tracks the entire HTTP traffic to a site in real time without slowing it down, so it can stop an attack before any harm is done. It furthermore maintains an incredibly thorough log of all attack attempts which contains more information than typical Apache logs, so you can later check out the data and take additional measures to improve the security of your websites if necessary.

ModSecurity in Shared Hosting

ModSecurity comes by default with all shared hosting plans that we offer and it will be activated automatically for any domain or subdomain that you add/create inside your Hepsia hosting CP. The firewall has 3 different modes, so you could switch on and disable it with a mouse click or set it to detection mode, so it will keep a log of all attacks, but it'll not do anything to prevent them. The log for each of your Internet sites will contain in-depth info including the nature of the attack, where it originated from, what action was taken by ModSecurity, etc. The firewall rules we use are frequently updated and incorporate both commercial ones which we get from a third-party security firm and custom ones that our system administrators add in the event that they detect a new type of attacks. That way, the sites that you host here will be far more secure with no action required on your end.

ModSecurity in Semi-dedicated Servers

Any web app you install inside your new semi-dedicated server account shall be protected by ModSecurity as the firewall comes with all our hosting solutions and is switched on by default for any domain and subdomain which you include or create using your Hepsia hosting Control Panel. You will be able to manage ModSecurity via a dedicated section within Hepsia where not only could you activate or deactivate it fully, but you could also activate a passive mode, so the firewall won't block anything, but it'll still keep an archive of possible attacks. This normally requires only a mouse click and you shall be able to view the logs regardless of if ModSecurity is in passive or active mode through the same section - what the attack was and where it originated from, how it was taken care of, etc. The firewall employs 2 sets of rules on our web servers - a commercial one that we get from a third-party web security firm and a custom one that our admins update personally in order to respond to recently discovered threats at the earliest opportunity.

ModSecurity in Dedicated Servers

If you opt to host your Internet sites on a dedicated server with the Hepsia Control Panel, your web apps will be protected right away since ModSecurity is provided with all Hepsia-based packages. You shall be able to control the firewall easily and if needed, you'll be able to turn it off or switch on its passive mode when it'll only keep a log of what is taking place without taking any action to prevent possible attacks. The logs that you will find inside the exact same section of the CP are quite detailed and include information about the attacker IP address, what site and file were attacked and in what way, what rule the firewall used to prevent the intrusion, etcetera. This data shall allow you to take measures and boost the protection of your sites even more. To be on the safe side, we use not only commercial rules, but also custom-made ones which our administrators include whenever they detect attacks which haven't yet been included inside the commercial pack.