ModSecurity is a plugin for Apache web servers that acts as a web application layer firewall. It is employed to prevent attacks against script-driven Internet sites through the use of security rules that contain particular expressions. In this way, the firewall can stop hacking and spamming attempts and shield even sites that aren't updated regularly. For instance, multiple failed login attempts to a script administrator area or attempts to execute a particular file with the objective to get access to the script shall trigger certain rules, so ModSecurity shall stop these activities the second it identifies them. The firewall is quite efficient as it monitors the whole HTTP traffic to an Internet site in real time without slowing it down, so it will be able to stop an attack before any damage is done. It also keeps an exceptionally thorough log of all attack attempts which contains more info than standard Apache logs, so you could later examine the data and take further measures to boost the security of your websites if necessary.

ModSecurity in Cloud Hosting

ModSecurity is available on all cloud hosting servers, so if you decide to host your sites with our company, they'll be shielded from a wide array of attacks. The firewall is enabled as standard for all domains and subdomains, so there shall be nothing you will have to do on your end. You will be able to stop ModSecurity for any website if required, or to enable a detection mode, so all activity will be recorded, but the firewall will not take any real action. You will be able to view comprehensive logs using your Hepsia Control Panel including the IP where the attack originated from, what the attacker wished to do and how ModSecurity dealt with the threat. As we take the protection of our clients' Internet sites seriously, we employ a collection of commercial rules which we take from one of the best companies which maintain this sort of rules. Our administrators also include custom rules to ensure that your websites shall be shielded from as many threats as possible.

ModSecurity in Semi-dedicated Servers

All semi-dedicated server plans that we offer come with ModSecurity and given that the firewall is turned on by default, any website that you set up under a domain or a subdomain shall be secured straight away. An individual section inside the Hepsia CP which comes with the semi-dedicated accounts is dedicated to ModSecurity and it shall allow you to stop and start the firewall for any site or activate a detection mode. With the last option, ModSecurity shall not take any action, but it will still detect possible attacks and shall keep all data inside a log as if it were fully active. The logs can be found in the very same section of the Control Panel and they include information about the IP where an attack came from, what its nature was, what rule ModSecurity applies to recognize and stop it, etc. The security rules which we employ on our servers are a mix between commercial ones from a security business and custom ones made by our system admins. As a result, we provide greater security for your web programs as we can shield them from attacks before security firms release updates for new threats.

ModSecurity in Dedicated Servers

If you opt to host your Internet sites on a dedicated server with the Hepsia Control Panel, your web apps will be secured immediately since ModSecurity is available with all Hepsia-based solutions. You'll be able to control the firewall easily and if required, you will be able to turn it off or enable its passive mode when it will only keep a log of what is happening without taking any action to stop potential attacks. The logs that you'll find in the exact same section of the CP are extremely detailed and include data about the attacker IP, what website and file were attacked and in what ways, what rule the firewall employed to prevent the intrusion, and so forth. This information shall enable you to take measures and increase the security of your websites even more. To be on the safe side, we employ not only commercial rules, but also custom-made ones that our staff include every time they recognize attacks that haven't yet been included in the commercial pack.