ModSecurity is a plugin for Apache web servers that acts as a web application layer firewall. It's employed to prevent attacks toward script-driven sites by employing security rules that contain particular expressions. In this way, the firewall can prevent hacking and spamming attempts and shield even websites that are not updated on a regular basis. For example, multiple unsuccessful login attempts to a script admin area or attempts to execute a particular file with the intention to get access to the script shall trigger certain rules, so ModSecurity will stop these activities the second it discovers them. The firewall is extremely efficient because it tracks the whole HTTP traffic to a site in real time without slowing it down, so it will be able to prevent an attack before any harm is done. It additionally maintains a very detailed log of all attack attempts which includes more information than conventional Apache logs, so you can later analyze the data and take additional measures to increase the security of your Internet sites if required.

ModSecurity in Cloud Hosting

ModSecurity is offered with every single cloud hosting plan that we offer and it's activated by default for every domain or subdomain that you include through your Hepsia Control Panel. In the event that it disrupts any of your applications or you would like to disable it for some reason, you'll be able to achieve that through the ModSecurity section of Hepsia with only a mouse click. You could also enable a passive mode, so the firewall will identify potential attacks and maintain a log, but will not take any action. You could see extensive logs in the exact same section, including the IP address where the attack came from, exactly what the attacker tried to do and at what time, what ModSecurity did, and so on. For max safety of our clients we use a group of commercial firewall rules mixed with custom ones which are provided by our system administrators.

ModSecurity in Semi-dedicated Servers

We've integrated ModSecurity as a standard in all semi-dedicated server products, so your web apps shall be protected the instant you install them under any domain or subdomain. The Hepsia CP which comes with the semi-dedicated accounts will permit you to enable or turn off the firewall for any site with a click. You'll also be able to switch on a passive detection mode in which ModSecurity shall keep a log of possible attacks without really stopping them. The comprehensive logs include things like the nature of the attack and what ModSecurity response that attack caused, where it originated from, etcetera. The list of rules which we employ is constantly updated as to match any new threats that might appear on the Internet and it consists of both commercial rules that we get from a security corporation and custom-written ones which our administrators add in the event that they find a threat that is not present within the commercial list yet.

ModSecurity in VPS Servers

ModSecurity is pre-installed on all VPS servers that are provided with the Hepsia hosting CP, so your web apps shall be protected from the instant your server is ready. The firewall is turned on by default for any domain or subdomain on the Virtual Private Server, but if needed, you can deactivate it with a click through the corresponding section of Hepsia. You could also set it to work in detection mode, so it'll maintain a comprehensive log of any potential attacks without taking any action to stop them. The logs are available inside the same section and include information regarding the nature of the attack, what IP it came from and what ModSecurity rule was triggered to stop it. For maximum security, we employ not simply commercial rules from a business operating in the field of web security, but also custom ones our administrators include manually so as to react to new risks that are still not addressed in the commercial rules.

ModSecurity in Dedicated Servers

ModSecurity is offered as standard with all dedicated servers which are set up with the Hepsia CP and is set to “Active” automatically for any domain which you host or subdomain that you create on the server. Just in case that a web application does not operate properly, you may either disable the firewall or set it to function in passive mode. The latter means that ModSecurity will maintain a log of any possible attack which might occur, but won't take any action to prevent it. The logs generated in passive or active mode shall give you more details about the exact file which was attacked, the nature of the attack and the IP address it came from, and so forth. This information shall permit you to decide what steps you can take to boost the security of your websites, such as blocking IPs or performing script and plugin updates. The ModSecurity rules that we employ are updated often with a commercial package from a third-party security provider we work with, but oftentimes our administrators include their own rules also in case they find a new potential threat.