ModSecurity is a plugin for Apache web servers which acts as a web app layer firewall. It's used to prevent attacks towards script-driven Internet sites through the use of security rules that contain specific expressions. In this way, the firewall can prevent hacking and spamming attempts and protect even Internet sites that aren't updated regularly. As an example, numerous unsuccessful login attempts to a script admin area or attempts to execute a specific file with the objective to get access to the script will trigger specific rules, so ModSecurity will stop these activities the moment it discovers them. The firewall is extremely efficient because it screens the entire HTTP traffic to an Internet site in real time without slowing it down, so it will be able to prevent an attack before any harm is done. It furthermore maintains an exceptionally comprehensive log of all attack attempts which features more info than conventional Apache logs, so you can later analyze the data and take additional measures to increase the security of your Internet sites if needed.

ModSecurity in Shared Website Hosting

We offer ModSecurity with all shared website hosting packages, so your web applications will be resistant to destructive attacks. The firewall is activated by default for all domains and subdomains, but in case you would like, you'll be able to stop it using the respective area of your Hepsia Control Panel. You can also activate a detection mode, so ModSecurity will keep a log as intended, but won't take any action. The logs that you'll find within Hepsia are incredibly detailed and feature data about the nature of any attack, when it transpired and from what IP, the firewall rule that was triggered, and so forth. We use a range of commercial rules that are often updated, but sometimes our admins add custom rules as well in order to efficiently protect the Internet sites hosted on our servers.

ModSecurity in Semi-dedicated Servers

Any web application you set up within your new semi-dedicated server account will be protected by ModSecurity as the firewall is included with all our hosting plans and is activated by default for any domain and subdomain you add or create through your Hepsia hosting Control Panel. You'll be able to manage ModSecurity through a dedicated section within Hepsia where not simply could you activate or deactivate it entirely, but you could also switch on a passive mode, so the firewall will not block anything, but it'll still maintain a record of possible attacks. This requires only a mouse click and you will be able to look at the logs regardless if ModSecurity is in active or passive mode through the same section - what the attack was and where it came from, how it was dealt with, and so on. The firewall uses 2 groups of rules on our machines - a commercial one that we get from a third-party web security firm and a custom one which our admins update manually in order to respond to newly discovered threats as soon as possible.

ModSecurity in Dedicated Servers

ModSecurity is available by default with all dedicated servers which are set up with the Hepsia CP and is set to “Active” automatically for any domain that you host or subdomain which you create on the server. Just in case that a web application doesn't operate properly, you may either switch off the firewall or set it to operate in passive mode. The second means that ModSecurity will keep a log of any possible attack that might happen, but will not take any action to stop it. The logs created in passive or active mode will offer you additional details about the exact file that was attacked, the nature of the attack and the IP it originated from, and so forth. This information shall permit you to choose what actions you can take to increase the security of your websites, for instance blocking IPs or performing script and plugin updates. The ModSecurity rules we use are updated regularly with a commercial package from a third-party security company we work with, but occasionally our staff include their own rules too in case they come across a new potential threat.