ModSecurity is a plugin for Apache web servers which functions as a web app layer firewall. It is employed to prevent attacks towards script-driven websites by using security rules that contain particular expressions. That way, the firewall can prevent hacking and spamming attempts and shield even sites which aren't updated often. For example, multiple unsuccessful login attempts to a script administrator area or attempts to execute a specific file with the intention to get access to the script shall trigger certain rules, so ModSecurity will stop these activities the instant it discovers them. The firewall is extremely efficient as it monitors the whole HTTP traffic to an Internet site in real time without slowing it down, so it can easily prevent an attack before any damage is done. It also keeps an incredibly comprehensive log of all attack attempts which includes more info than standard Apache logs, so you can later examine the data and take extra measures to boost the security of your websites if necessary.

ModSecurity in Web Hosting

ModSecurity is available with each and every web hosting package which we offer and it is activated by default for every domain or subdomain that you include via your Hepsia Control Panel. In the event that it interferes with any of your apps or you'd like to disable it for any reason, you will be able to do this through the ModSecurity section of Hepsia with simply a click. You can also enable a passive mode, so the firewall will recognize possible attacks and keep a log, but shall not take any action. You can see detailed logs in the same section, including the IP address where the attack originated from, what precisely the attacker attempted to do and at what time, what ModSecurity did, etc. For maximum protection of our clients we use a collection of commercial firewall rules mixed with custom ones which are provided by our system admins.

ModSecurity in Semi-dedicated Hosting

All semi-dedicated hosting packages that we offer include ModSecurity and given that the firewall is switched on by default, any website which you build under a domain or a subdomain shall be protected right from the start. An individual section in the Hepsia Control Panel that comes with the semi-dedicated accounts is dedicated to ModSecurity and it shall enable you to stop and start the firewall for any site or activate a detection mode. With the last option, ModSecurity will not take any action, but it'll still identify possible attacks and will keep all data within a log as if it were 100% active. The logs can be found inside the same section of the CP and they offer specifics about the IP where an attack originated from, what its nature was, what rule ModSecurity applies to recognize and stop it, etcetera. The security rules we use on our machines are a mix between commercial ones from a security company and custom ones created by our system admins. As a result, we provide higher security for your web apps as we can defend them from attacks even before security companies release updates for new threats.

ModSecurity in VPS Web Hosting

All virtual private servers that are provided with the Hepsia CP include ModSecurity. The firewall is set up and activated by default for all domains that are hosted on the web server, so there won't be anything special that you'll need to do to protect your websites. It will take you a mouse click to stop ModSecurity if necessary or to turn on its passive mode so that it records what happens without taking any measures to prevent intrusions. You'll be able to see the logs generated in active or passive mode via the corresponding section of Hepsia and learn more about the form of the attack, where it came from, what rule the firewall used to handle it, and so forth. We use a combination of commercial and custom rules so as to ensure that ModSecurity will block as many risks as possible, consequently boosting the security of your web programs as much as possible.

ModSecurity in Dedicated Servers Hosting

When you choose to host your websites on a dedicated server with the Hepsia CP, your web apps will be protected immediately as ModSecurity is supplied with all Hepsia-based packages. You shall be able to regulate the firewall with ease and if required, you'll be able to turn it off or switch on its passive mode when it'll only keep a log of what's happening without taking any action to stop potential attacks. The logs that you will find inside the same section of the CP are very detailed and include information about the attacker IP address, what website and file were attacked and in what ways, what rule the firewall employed to prevent the intrusion, and so on. This information shall allow you to take measures and increase the protection of your Internet sites even more. To be on the safe side, we employ not only commercial rules, but also custom-made ones which our administrators include when they detect attacks that have not yet been included inside the commercial pack.