ModSecurity is a plugin for Apache web servers which acts as a web application layer firewall. It's employed to stop attacks toward script-driven websites by using security rules that contain particular expressions. This way, the firewall can block hacking and spamming attempts and preserve even sites that aren't updated frequently. For example, several failed login attempts to a script administrative area or attempts to execute a certain file with the intention to get access to the script will trigger particular rules, so ModSecurity will block out these activities the instant it discovers them. The firewall is extremely efficient since it tracks the whole HTTP traffic to a website in real time without slowing it down, so it can easily prevent an attack before any harm is done. It also maintains an exceptionally comprehensive log of all attack attempts which features more info than typical Apache logs, so you can later examine the data and take extra measures to increase the security of your websites if necessary.

ModSecurity in Web Hosting

ModSecurity is provided with all web hosting servers, so when you choose to host your sites with our organization, they will be shielded from an array of attacks. The firewall is enabled by default for all domains and subdomains, so there'll be nothing you shall need to do on your end. You'll be able to stop ModSecurity for any website if necessary, or to switch on a detection mode, so all activity will be recorded, but the firewall will not take any real action. You'll be able to view specific logs using your Hepsia Control Panel including the IP address where the attack came from, what the attacker wanted to do and how ModSecurity dealt with the threat. Since we take the protection of our clients' websites very seriously, we employ a selection of commercial rules which we take from one of the best companies which maintain this sort of rules. Our admins also add custom rules to ensure that your websites shall be resistant to as many risks as possible.

ModSecurity in Semi-dedicated Servers

We've included ModSecurity as a standard inside all semi-dedicated server plans, so your web applications shall be protected whenever you install them under any domain or subdomain. The Hepsia CP that comes with the semi-dedicated accounts shall allow you to switch on or turn off the firewall for any Internet site with a click. You shall also be able to activate a passive detection mode in which ModSecurity will keep a log of potential attacks without really preventing them. The comprehensive logs include things like the nature of the attack and what ModSecurity response that attack initiated, where it came from, etc. The list of rules which we employ is frequently updated in order to match any new threats that might appear on the Internet and it consists of both commercial rules that we get from a security firm and custom-written ones which our admins include in the event that they discover a threat that's not present inside the commercial list yet.

ModSecurity in VPS Servers

ModSecurity is provided with all Hepsia-based VPS servers which we offer and it'll be activated automatically for every new domain or subdomain you include on the web server. In this way, any web app that you install will be secured right from the start without doing anything manually on your end. The firewall can be managed through the section of the Control Panel which has the same name. This is the area in whichyou could turn off ModSecurity or enable its passive mode, so it will not take any action towards threats, but shall still keep a comprehensive log. The recorded info is available in the same section as well and you will be able to see what IPs any attacks came from to enable you to stop them, what the nature of the attempted attacks was and based on what security rules ModSecurity reacted. The rules that we employ on our servers are a combination between commercial ones that we get from a security organization and custom ones which are included by our admins to optimize the protection of any web applications hosted on our end.

ModSecurity in Dedicated Servers

All of our dedicated servers that are installed with the Hepsia hosting Control Panel come with ModSecurity, so any app which you upload or set up will be properly secured from the very beginning and you'll not have to bother about common attacks or vulnerabilities. An individual section in Hepsia will allow you to start or stop the firewall for each and every domain or subdomain, or switch on a detection mode so that it records details about intrusions, but doesn't take actions to stop them. What you'll discover in the logs can enable you to to secure your sites better - the IP an attack originated from, what website was attacked and how, what ModSecurity rule was triggered, etc. With this information, you could see if a site needs an update, if you should block IPs from accessing your hosting server, and so on. Besides the third-party commercial security rules for ModSecurity we use, our admins add custom ones as well if they come across a new threat which is not yet in the commercial bundle.