ModSecurity is a plugin for Apache web servers that functions as a web application layer firewall. It's used to stop attacks toward script-driven Internet sites by using security rules which contain particular expressions. That way, the firewall can prevent hacking and spamming attempts and protect even Internet sites which are not updated frequently. For instance, numerous failed login attempts to a script admin area or attempts to execute a specific file with the intention to get access to the script will trigger particular rules, so ModSecurity shall block out these activities the minute it discovers them. The firewall is incredibly efficient as it tracks the entire HTTP traffic to a site in real time without slowing it down, so it could prevent an attack before any harm is done. It additionally maintains an exceptionally detailed log of all attack attempts that contains more information than conventional Apache logs, so you can later analyze the data and take further measures to improve the security of your sites if required.

ModSecurity in Shared Hosting

ModSecurity is available with each shared hosting package which we offer and it is turned on by default for any domain or subdomain which you include through your Hepsia Control Panel. If it disrupts any of your programs or you would like to disable it for some reason, you'll be able to accomplish that through the ModSecurity section of Hepsia with just a click. You may also use a passive mode, so the firewall will discover possible attacks and keep a log, but will not take any action. You'll be able to see extensive logs in the very same section, including the IP address where the attack came from, exactly what the attacker attempted to do and at what time, what ModSecurity did, and so on. For maximum security of our customers we use a collection of commercial firewall rules blended with custom ones that are included by our system admins.

ModSecurity in Semi-dedicated Hosting

We've incorporated ModSecurity as a standard within all semi-dedicated hosting products, so your web applications will be protected the instant you install them under any domain or subdomain. The Hepsia CP that is included with the semi-dedicated accounts will allow you to activate or turn off the firewall for any site with a click. You will also have the ability to switch on a passive detection mode with which ModSecurity will keep a log of possible attacks without really preventing them. The detailed logs include things like the nature of the attack and what ModSecurity response that attack triggered, where it originated from, etc. The list of rules we employ is regularly updated as to match any new risks that might appear on the Internet and it consists of both commercial rules that we get from a security firm and custom-written ones which our admins add in case they discover a threat that's not present in the commercial list yet.

ModSecurity in VPS

ModSecurity is pre-installed on all virtual private servers which are offered with the Hepsia hosting Control Panel, so your web applications shall be secured from the second your server is in a position. The firewall is activated by default for any domain or subdomain on the Virtual Private Server, but if needed, you'll be able to disable it with a mouse click through the corresponding section of Hepsia. You could also set it to operate in detection mode, so it shall maintain an extensive log of any possible attacks without taking any action to stop them. The logs can be found within the exact same section and include information regarding the nature of the attack, what IP it came from and what ModSecurity rule was triggered to stop it. For best security, we use not simply commercial rules from a company working in the field of web security, but also custom ones that our administrators add personally in order to react to new threats that are still not addressed in the commercial rules.

ModSecurity in Dedicated Hosting

All of our dedicated servers which are installed with the Hepsia hosting CP come with ModSecurity, so any app you upload or install will be properly secured from the very beginning and you'll not need to worry about common attacks or vulnerabilities. An individual section inside Hepsia will allow you to start or stop the firewall for every domain or subdomain, or turn on a detection mode so that it records information about intrusions, but does not take actions to prevent them. What you shall discover in the logs can help you to secure your Internet sites better - the IP address an attack came from, what website was attacked and exactly how, what ModSecurity rule was triggered, and so forth. With this data, you could see whether a site needs an update, whether you ought to block IPs from accessing your server, etcetera. Besides the third-party commercial security rules for ModSecurity we use, our administrators include custom ones as well every time they find a new threat which is not yet included in the commercial bundle.