ModSecurity is a plugin for Apache web servers which functions as a web app layer firewall. It's used to stop attacks toward script-driven websites by using security rules which contain particular expressions. This way, the firewall can block hacking and spamming attempts and protect even sites that are not updated on a regular basis. For instance, a number of unsuccessful login attempts to a script administrator area or attempts to execute a particular file with the purpose to get access to the script will trigger certain rules, so ModSecurity shall block these activities the moment it identifies them. The firewall is quite efficient because it monitors the entire HTTP traffic to a website in real time without slowing it down, so it could stop an attack before any harm is done. It additionally maintains a very detailed log of all attack attempts which contains more information than traditional Apache logs, so you could later check out the data and take extra measures to boost the security of your websites if required.

ModSecurity in Shared Website Hosting

ModSecurity comes by default with all shared website hosting solutions that we offer and it will be switched on automatically for any domain or subdomain you add/create inside your Hepsia hosting CP. The firewall has three different modes, so you can activate and deactivate it with a click or set it to detection mode, so it'll keep a log of all attacks, but it will not do anything to stop them. The log for any of your Internet sites will contain detailed info which includes the nature of the attack, where it came from, what action was taken by ModSecurity, and so on. The firewall rules which we use are constantly updated and include both commercial ones that we get from a third-party security firm and custom ones our system admins add in case that they detect a new type of attacks. In this way, the sites you host here shall be far more protected without any action needed on your end.

ModSecurity in Semi-dedicated Servers

We've integrated ModSecurity by default in all semi-dedicated server plans, so your web applications shall be protected whenever you set them up under any domain or subdomain. The Hepsia Control Panel which comes with the semi-dedicated accounts will allow you to activate or turn off the firewall for any site with a mouse click. You will also be able to switch on a passive detection mode in which ModSecurity shall keep a log of potential attacks without actually stopping them. The comprehensive logs include the nature of the attack and what ModSecurity response this attack initiated, where it originated from, etc. The list of rules we use is constantly updated in order to match any new threats which could appear on the Internet and it features both commercial rules that we get from a security business and custom-written ones that our admins include if they discover a threat which is not present inside the commercial list yet.

ModSecurity in VPS Servers

ModSecurity is pre-installed on all VPS servers that are offered with the Hepsia hosting CP, so your web apps will be protected from the moment your server is in a position. The firewall is turned on by default for any domain or subdomain on the VPS, but if required, you can disable it with a click of your mouse through the corresponding section of Hepsia. You could also set it to operate in detection mode, so it shall keep an extensive log of any possible attacks without taking any action to prevent them. The logs are available inside the same section and include information about the nature of the attack, what IP address it originated from and what ModSecurity rule was activated to stop it. For maximum security, we employ not only commercial rules from a firm operating in the field of web security, but also custom ones our admins include manually so as to respond to new risks that are still not tackled in the commercial rules.

ModSecurity in Dedicated Servers

ModSecurity is offered by default with all dedicated servers which are set up with the Hepsia Control Panel and is set to “Active” automatically for any domain which you host or subdomain which you create on the server. Just in case that a web application doesn't work properly, you can either switch off the firewall or set it to work in passive mode. The latter means that ModSecurity shall maintain a log of any potential attack that could occur, but will not take any action to prevent it. The logs produced in active or passive mode will present you with additional details about the exact file that was attacked, the nature of the attack and the IP address it came from, etcetera. This data will enable you to choose what steps you can take to enhance the protection of your sites, including blocking IPs or performing script and plugin updates. The ModSecurity rules which we use are updated frequently with a commercial bundle from a third-party security company we work with, but oftentimes our admins include their own rules as well if they discover a new potential threat.