ModSecurity is a plugin for Apache web servers that functions as a web app layer firewall. It's employed to prevent attacks toward script-driven sites by using security rules which contain particular expressions. In this way, the firewall can block hacking and spamming attempts and protect even Internet sites that are not updated regularly. For example, several failed login attempts to a script administrator area or attempts to execute a particular file with the objective to get access to the script shall trigger certain rules, so ModSecurity will block out these activities the second it detects them. The firewall is incredibly efficient as it screens the whole HTTP traffic to a site in real time without slowing it down, so it will be able to stop an attack before any damage is done. It furthermore keeps an exceptionally thorough log of all attack attempts that contains more information than standard Apache logs, so you can later analyze the data and take additional measures to improve the security of your Internet sites if required.

ModSecurity in Cloud Hosting

ModSecurity comes standard with all cloud hosting plans which we supply and it'll be switched on automatically for any domain or subdomain you add/create within your Hepsia hosting Control Panel. The firewall has three different modes, so you'll be able to activate and disable it with just a mouse click or set it to detection mode, so it shall maintain a log of all attacks, but it shall not do anything to prevent them. The log for each of your websites will contain elaborate info which includes the nature of the attack, where it came from, what action was taken by ModSecurity, etcetera. The firewall rules that we use are regularly updated and comprise of both commercial ones that we get from a third-party security firm and custom ones that our system admins add in case that they detect a new type of attacks. That way, the websites which you host here will be a lot more protected without any action required on your end.

ModSecurity in Semi-dedicated Hosting

We have included ModSecurity as a standard inside all semi-dedicated hosting products, so your web apps shall be protected as soon as you install them under any domain or subdomain. The Hepsia CP that comes with the semi-dedicated accounts shall permit you to enable or disable the firewall for any site with a mouse click. You shall also be able to turn on a passive detection mode through which ModSecurity shall keep a log of potential attacks without really preventing them. The thorough logs contain the nature of the attack and what ModSecurity response that attack generated, where it originated from, and so on. The list of rules we employ is constantly updated as to match any new threats which could appear on the Internet and it includes both commercial rules that we get from a security corporation and custom-written ones which our admins include if they find a threat that is not present inside the commercial list yet.

ModSecurity in VPS Hosting

ModSecurity comes with all Hepsia-based virtual private servers we offer and it will be activated automatically for every new domain or subdomain that you include on the machine. In this way, any web app which you install will be secured right away without doing anything personally on your end. The firewall could be handled through the section of the CP which has the same name. This is the location whereyou'll be able to disable ModSecurity or enable its passive mode, so it will not take any action toward threats, but will still maintain a comprehensive log. The recorded info is available in the same area as well and you shall be able to see what IPs any attacks came from to enable you to stop them, what the nature of the attempted attacks was and in accordance with what security rules ModSecurity responded. The rules that we employ on our servers are a combination between commercial ones that we get from a security firm and custom ones that are included by our admins to optimize the protection of any web apps hosted on our end.

ModSecurity in Dedicated Web Hosting

ModSecurity is included with all dedicated servers that are set up with our Hepsia CP and you'll not have to do anything specific on your end to use it because it is turned on by default every time you include a new domain or subdomain on your hosting server. In case it disrupts any of your apps, you'll be able to stop it through the respective section of Hepsia, or you could leave it operating in passive mode, so it will identify attacks and will still keep a log for them, but will not stop them. You may analyze the logs later to determine what you can do to improve the protection of your sites since you'll find details such as where an intrusion attempt originated from, what Internet site was attacked and in accordance with what rule ModSecurity responded, and so forth. The rules which we employ are commercial, hence they are constantly updated by a security firm, but to be on the safe side, our administrators also include custom rules from time to time as to deal with any new threats they have found.