ModSecurity is a plugin for Apache web servers which acts as a web app layer firewall. It's employed to prevent attacks toward script-driven sites by using security rules which contain particular expressions. In this way, the firewall can stop hacking and spamming attempts and protect even Internet sites which aren't updated on a regular basis. For example, several unsuccessful login attempts to a script administrative area or attempts to execute a particular file with the purpose to get access to the script shall trigger particular rules, so ModSecurity will stop these activities the moment it detects them. The firewall is quite efficient since it screens the whole HTTP traffic to a site in real time without slowing it down, so it can easily stop an attack before any damage is done. It also maintains an incredibly detailed log of all attack attempts that features more info than typical Apache logs, so you can later check out the data and take extra measures to enhance the security of your websites if required.

ModSecurity in Cloud Hosting

ModSecurity is available on all cloud hosting web servers, so when you choose to host your websites with our business, they'll be shielded from an array of attacks. The firewall is turned on by default for all domains and subdomains, so there will be nothing you shall need to do on your end. You'll be able to stop ModSecurity for any site if required, or to activate a detection mode, so all activity will be recorded, but the firewall shall not take any real action. You'll be able to view specific logs via your Hepsia Control Panel including the IP address where the attack came from, what the attacker wished to do and how ModSecurity addressed the threat. Since we take the security of our customers' websites very seriously, we use a collection of commercial rules which we get from one of the leading companies which maintain such rules. Our administrators also include custom rules to make sure that your websites shall be protected against as many threats as possible.

ModSecurity in Semi-dedicated Servers

All semi-dedicated server packages that we offer feature ModSecurity and because the firewall is turned on by default, any site you create under a domain or a subdomain shall be secured immediately. An independent section in the Hepsia CP that comes with the semi-dedicated accounts is devoted to ModSecurity and it'll allow you to stop and start the firewall for any site or activate a detection mode. With the latter, ModSecurity won't take any action, but it will still recognize possible attacks and will keep all info within a log as if it were fully active. The logs can be found inside the same section of the Control Panel and they include info about the IP where an attack came from, what its nature was, what rule ModSecurity applies to identify and stop it, etc. The security rules which we employ on our web servers are a mix of commercial ones from a security company and custom ones created by our system administrators. Consequently, we offer increased security for your web programs as we can shield them from attacks even before security companies release updates for completely new threats.

ModSecurity in VPS Servers

ModSecurity comes with all Hepsia-based VPS servers that we offer and it shall be turned on automatically for any new domain or subdomain you include on the server. This way, any web application which you install shall be protected right from the start without doing anything by hand on your end. The firewall could be handled through the section of the Control Panel that bears the same name. This is the place whereyou could switch off ModSecurity or let its passive mode, so it shall not take any action towards threats, but shall still maintain a comprehensive log. The recorded data is available in the same section as well and you shall be able to see what IPs any attacks originated from so that you stop them, what the nature of the attempted attacks was and based upon what security rules ModSecurity responded. The rules we use on our servers are a blend between commercial ones which we obtain from a security firm and custom ones which are included by our administrators to optimize the security of any web apps hosted on our end.

ModSecurity in Dedicated Servers

ModSecurity is included with all dedicated servers which are set up with our Hepsia Control Panel and you won't have to do anything specific on your end to use it since it's enabled by default every time you include a new domain or subdomain on your web server. In the event that it interferes with some of your apps, you shall be able to stop it through the respective part of Hepsia, or you may leave it working in passive mode, so it shall recognize attacks and will still maintain a log for them, but shall not stop them. You could examine the logs later to find out what you can do to boost the security of your websites as you will find info such as where an intrusion attempt came from, what website was attacked and based upon what rule ModSecurity reacted, and so forth. The rules we employ are commercial, thus they are regularly updated by a security provider, but to be on the safe side, our staff also add custom rules from time to time as to react to any new threats they have identified.