ModSecurity is a plugin for Apache web servers that acts as a web application layer firewall. It's used to stop attacks against script-driven Internet sites through the use of security rules which contain specific expressions. That way, the firewall can prevent hacking and spamming attempts and protect even Internet sites that are not updated frequently. As an example, numerous unsuccessful login attempts to a script administrator area or attempts to execute a certain file with the objective to get access to the script will trigger particular rules, so ModSecurity shall stop these activities the second it detects them. The firewall is very efficient because it screens the whole HTTP traffic to a site in real time without slowing it down, so it can stop an attack before any damage is done. It furthermore maintains a very comprehensive log of all attack attempts that includes more info than standard Apache logs, so you can later check out the data and take further measures to boost the security of your websites if required.

ModSecurity in Shared Website Hosting

We offer ModSecurity with all shared website hosting solutions, so your web applications will be shielded from destructive attacks. The firewall is turned on as standard for all domains and subdomains, but in case you would like, you shall be able to stop it through the respective section of your Hepsia CP. You'll be able to also activate a detection mode, so ModSecurity will keep a log as intended, but won't take any action. The logs that you will discover in Hepsia are extremely detailed and include data about the nature of any attack, when it took place and from what IP address, the firewall rule which was triggered, etcetera. We use a group of commercial rules that are regularly updated, but sometimes our administrators add custom rules as well in order to efficiently protect the sites hosted on our servers.

ModSecurity in Semi-dedicated Hosting

All semi-dedicated hosting plans that we offer come with ModSecurity and given that the firewall is turned on by default, any site that you create under a domain or a subdomain shall be secured right away. A separate section within the Hepsia CP that comes with the semi-dedicated accounts is dedicated to ModSecurity and it will enable you to start and stop the firewall for any site or switch on a detection mode. With the latter, ModSecurity shall not take any action, but it'll still recognize possible attacks and shall keep all info in a log as if it were 100% active. The logs could be found within the same section of the Control Panel and they include details about the IP where an attack came from, what its nature was, what rule ModSecurity applies to recognize and stop it, etcetera. The security rules we employ on our servers are a mix between commercial ones from a security business and custom ones created by our system administrators. Therefore, we provide increased security for your web applications as we can shield them from attacks even before security businesses release updates for brand new threats.

ModSecurity in VPS Web Hosting

Security is vital to us, so we install ModSecurity on all virtual private servers that are set up with the Hepsia Control Panel by default. The firewall could be managed through a dedicated section within Hepsia and is activated automatically when you include a new domain or create a subdomain, so you won't need to do anything manually. You'll also be able to disable it or switch on the so-called detection mode, so it'll keep a log of potential attacks which you can later study, but shall not stop them. The logs in both passive and active modes contain info regarding the form of the attack and how it was eliminated, what IP address it came from and other valuable information which might help you to tighten the security of your sites by updating them or blocking IPs, for example. In addition to the commercial rules which we get for ModSecurity from a third-party security enterprise, we also implement our own rules because from time to time we identify specific attacks that are not yet present in the commercial pack. This way, we could boost the security of your Virtual private server in a timely manner rather than waiting for a certified update.

ModSecurity in Dedicated Servers Hosting

All of our dedicated servers that are set up with the Hepsia hosting Control Panel include ModSecurity, so any app which you upload or install will be protected from the very beginning and you will not have to stress about common attacks or vulnerabilities. An individual section within Hepsia will allow you to start or stop the firewall for every domain or subdomain, or switch on a detection mode so that it records details about intrusions, but does not take actions to prevent them. What you'll discover in the logs can allow you to to secure your websites better - the IP an attack came from, what site was attacked as well as how, what ModSecurity rule was triggered, and so on. With this data, you'll be able to see if a website needs an update, whether you need to block IPs from accessing your server, etcetera. In addition to the third-party commercial security rules for ModSecurity that we use, our administrators include custom ones as well every time they find a new threat that's not yet a part of the commercial bundle.