ModSecurity is a plugin for Apache web servers which functions as a web app layer firewall. It's employed to stop attacks against script-driven Internet sites by using security rules that contain particular expressions. That way, the firewall can block hacking and spamming attempts and shield even websites which are not updated on a regular basis. For example, several failed login attempts to a script administrator area or attempts to execute a specific file with the intention to get access to the script shall trigger specific rules, so ModSecurity will stop these activities the instant it discovers them. The firewall is quite efficient since it monitors the entire HTTP traffic to a site in real time without slowing it down, so it will be able to stop an attack before any harm is done. It also keeps an incredibly detailed log of all attack attempts which features more info than standard Apache logs, so you could later examine the data and take additional measures to improve the security of your Internet sites if necessary.

ModSecurity in Cloud Web Hosting

ModSecurity comes by default with all cloud web hosting plans that we supply and it will be turned on automatically for any domain or subdomain that you add/create inside your Hepsia hosting CP. The firewall has 3 different modes, so you'll be able to switch on and disable it with simply a click or set it to detection mode, so it shall maintain a log of all attacks, but it shall not do anything to prevent them. The log for each of your Internet sites will include elaborate information which includes the nature of the attack, where it originated from, what action was taken by ModSecurity, etc. The firewall rules we use are regularly updated and include both commercial ones which we get from a third-party security firm and custom ones that our system administrators include in case that they detect a new type of attacks. This way, the websites you host here shall be much more protected with no action required on your end.

ModSecurity in Semi-dedicated Hosting

ModSecurity is part of our semi-dedicated hosting solutions and if you opt to host your sites with us, there won't be anything special you'll need to do since the firewall is activated by default for all domains and subdomains that you add using your hosting Control Panel. If necessary, you can disable ModSecurity for a given Internet site or turn on the so-called detection mode in which case the firewall will still operate and record data, but won't do anything to stop potential attacks on your Internet sites. Detailed logs shall be readily available in your Control Panel and you will be able to see which kind of attacks took place, what security rules were triggered and how the firewall addressed the threats, what Internet protocol addresses the attacks came from, and so on. We use two types of rules on our servers - commercial ones from a company which operates in the field of web security, and custom ones which our administrators often include to respond to newly discovered threats promptly.

ModSecurity in Dedicated Hosting

ModSecurity is offered by default with all dedicated servers that are set up with the Hepsia CP and is set to “Active” automatically for any domain that you host or subdomain that you create on the hosting server. In case that a web app does not function properly, you may either switch off the firewall or set it to function in passive mode. The latter means that ModSecurity shall keep a log of any potential attack which could happen, but won't take any action to prevent it. The logs created in passive or active mode shall provide you with more details about the exact file which was attacked, the nature of the attack and the IP address it came from, etcetera. This information shall permit you to decide what steps you can take to increase the protection of your Internet sites, including blocking IPs or carrying out script and plugin updates. The ModSecurity rules we employ are updated often with a commercial package from a third-party security company we work with, but from time to time our administrators add their own rules too if they identify a new potential threat.