ModSecurity is a plugin for Apache web servers that functions as a web application layer firewall. It is employed to prevent attacks toward script-driven Internet sites by using security rules that contain specific expressions. In this way, the firewall can prevent hacking and spamming attempts and preserve even sites which aren't updated often. For example, numerous unsuccessful login attempts to a script admin area or attempts to execute a specific file with the objective to get access to the script will trigger certain rules, so ModSecurity shall stop these activities the minute it detects them. The firewall is quite efficient as it monitors the whole HTTP traffic to a site in real time without slowing it down, so it can stop an attack before any damage is done. It additionally keeps a very comprehensive log of all attack attempts which contains more information than standard Apache logs, so you could later analyze the data and take extra measures to boost the security of your sites if needed.

ModSecurity in Cloud Website Hosting

ModSecurity can be found with each cloud website hosting package that we provide and it's turned on by default for any domain or subdomain that you include through your Hepsia Control Panel. If it interferes with any of your apps or you would like to disable it for whatever reason, you'll be able to accomplish that through the ModSecurity section of Hepsia with just a mouse click. You can also use a passive mode, so the firewall will identify potential attacks and maintain a log, but will not take any action. You can see extensive logs in the exact same section, including the IP address where the attack originated from, what precisely the attacker tried to do and at what time, what ModSecurity did, etc. For maximum protection of our clients we use a group of commercial firewall rules combined with custom ones that are added by our system administrators.

ModSecurity in Semi-dedicated Servers

All semi-dedicated server plans that we offer come with ModSecurity and since the firewall is turned on by default, any Internet site which you set up under a domain or a subdomain shall be secured right away. An independent section within the Hepsia CP which comes with the semi-dedicated accounts is devoted to ModSecurity and it shall permit you to start and stop the firewall for any Internet site or switch on a detection mode. With the last option, ModSecurity shall not take any action, but it will still recognize possible attacks and shall keep all info within a log as if it were 100% active. The logs can be found within the very same section of the CP and they include specifics about the IP where an attack came from, what its nature was, what rule ModSecurity applies to recognize and stop it, and so forth. The security rules we employ on our servers are a mix between commercial ones from a security company and custom ones made by our system admins. Therefore, we provide higher security for your web programs as we can protect them from attacks before security firms release updates for brand new threats.

ModSecurity in VPS Servers

ModSecurity is pre-installed on all VPS servers that are set up with the Hepsia hosting CP, so your web programs shall be protected from the moment your server is in a position. The firewall is turned on by default for any domain or subdomain on the VPS, but if necessary, you can disable it with a click of your mouse via the corresponding section of Hepsia. You can also set it to operate in detection mode, so it'll keep an extensive log of any possible attacks without taking any action to prevent them. The logs can be found in the same section and offer information regarding the nature of the attack, what IP address it came from and what ModSecurity rule was activated to stop it. For optimum security, we use not only commercial rules from a firm operating in the field of web security, but also custom ones which our administrators include personally so as to react to new threats that are still not dealt with in the commercial rules.

ModSecurity in Dedicated Servers

ModSecurity is available by default with all dedicated servers that are set up with the Hepsia Control Panel and is set to “Active” automatically for any domain which you host or subdomain you create on the web server. Just in case that a web app does not work correctly, you can either disable the firewall or set it to function in passive mode. The latter means that ModSecurity will keep a log of any potential attack which may occur, but shall not take any action to stop it. The logs created in active or passive mode will provide you with more details about the exact file that was attacked, the nature of the attack and the IP address it originated from, and so on. This data will enable you to determine what measures you can take to enhance the safety of your Internet sites, such as blocking IPs or carrying out script and plugin updates. The ModSecurity rules which we use are updated frequently with a commercial bundle from a third-party security company we work with, but from time to time our admins include their own rules too in the event that they find a new potential threat.