ModSecurity is a plugin for Apache web servers that acts as a web app layer firewall. It's employed to stop attacks against script-driven websites through the use of security rules which contain certain expressions. In this way, the firewall can stop hacking and spamming attempts and preserve even Internet sites which aren't updated regularly. For example, numerous unsuccessful login attempts to a script administrator area or attempts to execute a particular file with the purpose to get access to the script shall trigger specific rules, so ModSecurity shall stop these activities the moment it detects them. The firewall is extremely efficient as it tracks the whole HTTP traffic to an Internet site in real time without slowing it down, so it will be able to prevent an attack before any damage is done. It furthermore keeps a very thorough log of all attack attempts which features more information than traditional Apache logs, so you can later check out the data and take extra measures to enhance the security of your websites if needed.

ModSecurity in Shared Web Hosting

ModSecurity is available on all shared web hosting machines, so if you opt to host your sites with our firm, they will be shielded from an array of attacks. The firewall is enabled as standard for all domains and subdomains, so there will be nothing you shall have to do on your end. You shall be able to stop ModSecurity for any site if necessary, or to activate a detection mode, so all activity will be recorded, but the firewall will not take any real action. You'll be able to view detailed logs from your Hepsia CP including the IP where the attack originated from, what the attacker planned to do and how ModSecurity dealt with the threat. Since we take the security of our customers' websites seriously, we use a collection of commercial rules which we take from one of the leading companies that maintain this kind of rules. Our admins also add custom rules to ensure that your sites will be protected against as many threats as possible.

ModSecurity in Semi-dedicated Hosting

Any web application you install in your new semi-dedicated hosting account will be protected by ModSecurity since the firewall comes with all our hosting solutions and is turned on by default for any domain and subdomain which you include or create via your Hepsia hosting Control Panel. You'll be able to manage ModSecurity via a dedicated area inside Hepsia where not simply could you activate or deactivate it entirely, but you may also switch on a passive mode, so the firewall shall not block anything, but it will still keep a record of possible attacks. This normally requires simply a mouse click and you will be able to see the logs no matter if ModSecurity is in active or passive mode through the same section - what the attack was and where it originated from, how it was taken care of, and so forth. The firewall uses 2 groups of rules on our machines - a commercial one which we get from a third-party web security provider and a custom one that our admins update manually in order to respond to newly discovered risks as quickly as possible.

ModSecurity in VPS Web Hosting

ModSecurity comes with all Hepsia-based virtual private servers we offer and it'll be switched on automatically for any new domain or subdomain you add on the server. That way, any web app you install shall be secured right from the start without doing anything by hand on your end. The firewall could be managed through the section of the Control Panel which bears the same name. This is the area in whichyou could disable ModSecurity or activate its passive mode, so it shall not take any action towards threats, but will still maintain a thorough log. The recorded data is available inside the same area as well and you shall be able to see what IPs any attacks came from to enable you to block them, what the nature of the attempted attacks was and based on what security rules ModSecurity responded. The rules which we use on our servers are a mixture between commercial ones we obtain from a security company and custom ones that are included by our admins to enhance the security of any web apps hosted on our end.