ModSecurity is a plugin for Apache web servers that acts as a web app layer firewall. It is used to stop attacks against script-driven websites by using security rules that contain particular expressions. In this way, the firewall can prevent hacking and spamming attempts and shield even sites which aren't updated frequently. For instance, several unsuccessful login attempts to a script administrator area or attempts to execute a particular file with the intention to get access to the script will trigger particular rules, so ModSecurity shall block out these activities the instant it detects them. The firewall is quite efficient as it screens the whole HTTP traffic to an Internet site in real time without slowing it down, so it can prevent an attack before any harm is done. It also keeps an incredibly detailed log of all attack attempts which contains more info than standard Apache logs, so you can later check out the data and take further measures to enhance the security of your Internet sites if required.

ModSecurity in Cloud Website Hosting

ModSecurity is available with every single cloud website hosting plan that we provide and it is turned on by default for any domain or subdomain that you add via your Hepsia CP. In the event that it interferes with any of your programs or you'd like to disable it for some reason, you'll be able to do this through the ModSecurity area of Hepsia with simply a click. You can also use a passive mode, so the firewall will detect potential attacks and maintain a log, but will not take any action. You could see comprehensive logs in the same section, including the IP address where the attack originated from, what precisely the attacker aimed to do and at what time, what ModSecurity did, and so on. For optimum protection of our customers we use a set of commercial firewall rules mixed with custom ones which are included by our system administrators.

ModSecurity in VPS Servers

ModSecurity is provided with all Hepsia-based VPS servers which we offer and it'll be switched on automatically for any new domain or subdomain you add on the machine. That way, any web app that you install shall be protected right away without doing anything manually on your end. The firewall can be managed from the section of the CP that bears the same name. This is the location in whichyou could turn off ModSecurity or activate its passive mode, so it will not take any action towards threats, but shall still keep a comprehensive log. The recorded data is available within the same area as well and you'll be able to see what IPs any attacks originated from so that you block them, what the nature of the attempted attacks was and based upon what security rules ModSecurity responded. The rules which we employ on our servers are a blend between commercial ones we get from a security company and custom ones which are added by our administrators to improve the security of any web apps hosted on our end.

ModSecurity in Dedicated Servers

ModSecurity is provided as standard with all dedicated servers that are set up with the Hepsia CP and is set to “Active” automatically for any domain which you host or subdomain that you create on the web server. In case that a web app does not work adequately, you can either disable the firewall or set it to function in passive mode. The second means that ModSecurity shall keep a log of any potential attack that might occur, but won't take any action to prevent it. The logs created in passive or active mode shall offer you more details about the exact file which was attacked, the type of the attack and the IP it originated from, etc. This info will allow you to determine what steps you can take to boost the protection of your websites, for instance blocking IPs or carrying out script and plugin updates. The ModSecurity rules that we employ are updated constantly with a commercial package from a third-party security provider we work with, but occasionally our staff add their own rules as well in case they discover a new potential threat.