ModSecurity is a plugin for Apache web servers that functions as a web application layer firewall. It is employed to stop attacks against script-driven sites by employing security rules that contain particular expressions. In this way, the firewall can prevent hacking and spamming attempts and protect even Internet sites which aren't updated often. As an example, several unsuccessful login attempts to a script admin area or attempts to execute a particular file with the objective to get access to the script shall trigger certain rules, so ModSecurity shall block these activities the instant it identifies them. The firewall is very efficient since it monitors the entire HTTP traffic to an Internet site in real time without slowing it down, so it will be able to prevent an attack before any damage is done. It also maintains a very comprehensive log of all attack attempts that includes more info than conventional Apache logs, so you could later check out the data and take extra measures to improve the security of your websites if needed.

ModSecurity in Shared Web Hosting

ModSecurity is available on all shared web hosting servers, so if you decide to host your sites with our company, they shall be shielded from an array of attacks. The firewall is turned on as standard for all domains and subdomains, so there shall be nothing you shall have to do on your end. You'll be able to stop ModSecurity for any Internet site if needed, or to enable a detection mode, so all activity will be recorded, but the firewall won't take any real action. You shall be able to view specific logs through your Hepsia CP including the IP where the attack came from, what the attacker wished to do and how ModSecurity dealt with the threat. As we take the safety of our customers' sites very seriously, we use a group of commercial rules which we take from one of the leading companies that maintain this sort of rules. Our administrators also include custom rules to ensure that your websites will be shielded from as many risks as possible.

ModSecurity in Semi-dedicated Hosting

ModSecurity is a part of our semi-dedicated hosting plans and if you decide to host your sites with us, there shall not be anything special you'll need to do given that the firewall is activated by default for all domains and subdomains you add via your hosting CP. If required, you could disable ModSecurity for a given website or activate the so-called detection mode in which case the firewall shall still operate and record data, but shall not do anything to prevent possible attacks against your sites. Thorough logs will be readily available in your Control Panel and you shall be able to see which kind of attacks occurred, what security rules were triggered and how the firewall handled the threats, what Internet protocol addresses the attacks originated from, etc. We use two kinds of rules on our servers - commercial ones from a firm which operates in the field of web security, and custom made ones which our administrators occasionally include to respond to newly found risks in a timely manner.

ModSecurity in VPS

ModSecurity is provided with all Hepsia-based virtual private servers that we offer and it will be activated automatically for any new domain or subdomain you add on the server. In this way, any web application which you install shall be protected from the very beginning without doing anything manually on your end. The firewall could be handled through the section of the CP that bears the same name. This is the place in whichyou could switch off ModSecurity or let its passive mode, so it shall not take any action against threats, but will still keep a comprehensive log. The recorded data is available inside the same section as well and you will be able to see what IPs any attacks originated from so that you stop them, what the nature of the attempted attacks was and based on what security rules ModSecurity responded. The rules that we employ on our servers are a blend between commercial ones which we obtain from a security organization and custom ones that are added by our staff to improve the security of any web apps hosted on our end.

ModSecurity in Dedicated Hosting

ModSecurity is provided with all dedicated servers which are set up with our Hepsia Control Panel and you will not need to do anything specific on your end to use it as it's enabled by default every time you add a new domain or subdomain on your web server. In case it disrupts any of your programs, you'll be able to stop it via the respective section of Hepsia, or you could leave it in passive mode, so it shall detect attacks and shall still keep a log for them, but will not prevent them. You may examine the logs later to learn what you can do to increase the protection of your Internet sites since you'll find details such as where an intrusion attempt came from, what site was attacked and in accordance with what rule ModSecurity reacted, etcetera. The rules we employ are commercial, thus they're frequently updated by a security company, but to be on the safe side, our admins also add custom rules every now and then as to respond to any new threats they have discovered.