ModSecurity is a plugin for Apache web servers which functions as a web application layer firewall. It is employed to prevent attacks against script-driven Internet sites by using security rules which contain particular expressions. This way, the firewall can block hacking and spamming attempts and preserve even websites which aren't updated regularly. As an example, several failed login attempts to a script admin area or attempts to execute a particular file with the purpose to get access to the script will trigger specific rules, so ModSecurity shall stop these activities the second it identifies them. The firewall is extremely efficient as it tracks the whole HTTP traffic to an Internet site in real time without slowing it down, so it can easily stop an attack before any harm is done. It also keeps an incredibly detailed log of all attack attempts which contains more information than conventional Apache logs, so you could later check out the data and take further measures to boost the security of your sites if needed.

ModSecurity in Shared Website Hosting

ModSecurity is available on all shared website hosting servers, so if you decide to host your sites with our organization, they shall be shielded from a wide range of attacks. The firewall is turned on by default for all domains and subdomains, so there shall be nothing you shall need to do on your end. You shall be able to stop ModSecurity for any Internet site if necessary, or to activate a detection mode, so all activity will be recorded, but the firewall will not take any real action. You will be able to view detailed logs through your Hepsia Control Panel including the IP where the attack came from, what the attacker wanted to do and how ModSecurity addressed the threat. As we take the security of our customers' sites seriously, we employ a group of commercial rules which we take from one of the best firms that maintain this type of rules. Our admins also include custom rules to make sure that your sites will be protected against as many risks as possible.

ModSecurity in Semi-dedicated Servers

We've incorporated ModSecurity as a standard inside all semi-dedicated server packages, so your web applications shall be protected whenever you install them under any domain or subdomain. The Hepsia Control Panel that comes with the semi-dedicated accounts will permit you to enable or turn off the firewall for any site with a mouse click. You will also have the ability to turn on a passive detection mode through which ModSecurity shall maintain a log of possible attacks without really preventing them. The thorough logs include things like the nature of the attack and what ModSecurity response this attack initiated, where it came from, etc. The list of rules that we employ is regularly updated in order to match any new risks which might appear on the Internet and it includes both commercial rules that we get from a security company and custom-written ones which our administrators include in case they discover a threat that's not present within the commercial list yet.

ModSecurity in Dedicated Servers

All of our dedicated servers that are installed with the Hepsia hosting CP feature ModSecurity, so any program you upload or install shall be secured from the very beginning and you will not have to worry about common attacks or vulnerabilities. An individual section inside Hepsia will permit you to start or stop the firewall for every domain or subdomain, or turn on a detection mode so that it records info about intrusions, but does not take actions to prevent them. What you will discover in the logs can help you to secure your Internet sites better - the IP address an attack originated from, what website was attacked as well as how, what ModSecurity rule was triggered, and so on. With this data, you'll be able to see whether a site needs an update, if you should block IPs from accessing your web server, and so on. Besides the third-party commercial security rules for ModSecurity which we use, our admins include custom ones as well every time they find a new threat that's not yet in the commercial bundle.