ModSecurity is a plugin for Apache web servers which functions as a web app layer firewall. It is used to stop attacks towards script-driven websites by employing security rules that contain certain expressions. This way, the firewall can block hacking and spamming attempts and shield even sites which aren't updated often. For instance, multiple failed login attempts to a script admin area or attempts to execute a certain file with the intention to get access to the script will trigger specific rules, so ModSecurity will block these activities the instant it discovers them. The firewall is extremely efficient since it tracks the whole HTTP traffic to a site in real time without slowing it down, so it could prevent an attack before any damage is done. It also keeps an incredibly detailed log of all attack attempts that features more information than typical Apache logs, so you can later examine the data and take further measures to improve the security of your Internet sites if necessary.

ModSecurity in Cloud Website Hosting

ModSecurity is available with every single cloud website hosting plan that we provide and it is activated by default for any domain or subdomain which you include via your Hepsia Control Panel. If it interferes with any of your programs or you'd like to disable it for some reason, you'll be able to achieve that through the ModSecurity section of Hepsia with only a mouse click. You can also activate a passive mode, so the firewall will identify potential attacks and keep a log, but will not take any action. You can see detailed logs in the very same section, including the IP address where the attack originated from, exactly what the attacker aimed to do and at what time, what ModSecurity did, etc. For max safety of our clients we use a group of commercial firewall rules blended with custom ones which are added by our system administrators.

ModSecurity in Semi-dedicated Hosting

Any web program which you install within your new semi-dedicated hosting account will be protected by ModSecurity as the firewall is provided with all our hosting solutions and is activated by default for any domain and subdomain which you include or create via your Hepsia hosting CP. You'll be able to manage ModSecurity through a dedicated area inside Hepsia where not only could you activate or deactivate it fully, but you can also enable a passive mode, so the firewall shall not block anything, but it shall still maintain a record of potential attacks. This requires only a mouse click and you will be able to view the logs regardless of if ModSecurity is in passive or active mode through the same section - what the attack was and where it originated from, how it was taken care of, and so on. The firewall uses two groups of rules on our servers - a commercial one that we get from a third-party web security firm and a custom one that our admins update manually in order to respond to recently discovered risks as quickly as possible.

ModSecurity in VPS Hosting

ModSecurity is included with all Hepsia-based virtual private servers that we offer and it will be switched on automatically for any new domain or subdomain you add on the machine. That way, any web app that you install shall be secured right from the start without doing anything personally on your end. The firewall could be handled via the section of the Control Panel that bears the same name. This is the location in whichyou could switch off ModSecurity or enable its passive mode, so it won't take any action toward threats, but will still keep a thorough log. The recorded info is available inside the same area as well and you will be able to see what IPs any attacks came from to enable you to block them, what the nature of the attempted attacks was and based upon what security rules ModSecurity responded. The rules that we use on our servers are a mix between commercial ones we obtain from a security company and custom ones which are added by our staff to improve the security of any web apps hosted on our end.

ModSecurity in Dedicated Web Hosting

ModSecurity is included with all dedicated servers which are integrated with our Hepsia Control Panel and you'll not have to do anything specific on your end to use it since it's turned on by default whenever you include a new domain or subdomain on your server. In case it interferes with some of your programs, you'll be able to stop it via the respective area of Hepsia, or you could leave it in passive mode, so it'll recognize attacks and will still keep a log for them, but shall not stop them. You can look at the logs later to find out what you can do to enhance the protection of your Internet sites as you will find details such as where an intrusion attempt came from, what site was attacked and in accordance with what rule ModSecurity responded, and so on. The rules which we use are commercial, hence they're frequently updated by a security company, but to be on the safe side, our admins also add custom rules every now and then as to react to any new threats they have discovered.