ModSecurity is a plugin for Apache web servers that functions as a web application layer firewall. It is used to stop attacks against script-driven websites through the use of security rules which contain specific expressions. In this way, the firewall can block hacking and spamming attempts and shield even Internet sites which are not updated regularly. For example, multiple failed login attempts to a script administrative area or attempts to execute a certain file with the objective to get access to the script will trigger specific rules, so ModSecurity will stop these activities the minute it discovers them. The firewall is quite efficient since it monitors the whole HTTP traffic to an Internet site in real time without slowing it down, so it can stop an attack before any damage is done. It also keeps a very detailed log of all attack attempts which includes more information than conventional Apache logs, so you could later examine the data and take additional measures to improve the security of your Internet sites if necessary.

ModSecurity in Cloud Hosting

ModSecurity is available with every single cloud hosting package which we provide and it is switched on by default for every domain or subdomain which you include via your Hepsia Control Panel. In case it interferes with any of your apps or you would like to disable it for any reason, you'll be able to do that through the ModSecurity area of Hepsia with merely a click. You may also use a passive mode, so the firewall will detect potential attacks and maintain a log, but won't take any action. You can see extensive logs in the same section, including the IP where the attack came from, what exactly the attacker attempted to do and at what time, what ModSecurity did, and so forth. For max security of our customers we use a set of commercial firewall rules combined with custom ones that are added by our system administrators.

ModSecurity in Semi-dedicated Hosting

ModSecurity is a part of our semi-dedicated hosting plans and if you opt to host your Internet sites with our company, there will not be anything special you'll have to do as the firewall is switched on by default for all domains and subdomains which you add using your hosting CP. If needed, you can disable ModSecurity for a particular Internet site or enable the so-called detection mode in which case the firewall will still function and record info, but shall not do anything to stop possible attacks on your sites. In depth logs will be readily available inside your Control Panel and you shall be able to see what sort of attacks happened, what security rules were triggered and how the firewall addressed the threats, what Internet protocol addresses the attacks came from, and so forth. We use two types of rules on our servers - commercial ones from a firm that operates in the field of web security, and custom ones that our admins sometimes add to respond to newly identified threats in a timely manner.

ModSecurity in VPS

Security is essential to us, so we set up ModSecurity on all virtual private servers which are made available with the Hepsia Control Panel as a standard. The firewall could be managed via a dedicated section in Hepsia and is turned on automatically when you add a new domain or create a subdomain, so you will not need to do anything manually. You'll also be able to disable it or turn on the so-called detection mode, so it shall keep a log of potential attacks which you can later examine, but shall not prevent them. The logs in both passive and active modes offer information regarding the type of the attack and how it was eliminated, what IP address it originated from and other valuable data that might help you to tighten the security of your Internet sites by updating them or blocking IPs, for instance. Beyond the commercial rules that we get for ModSecurity from a third-party security company, we also employ our own rules as every now and then we discover specific attacks that aren't yet present within the commercial pack. This way, we can easily enhance the protection of your VPS promptly rather than awaiting a certified update.

ModSecurity in Dedicated Hosting

ModSecurity is provided as standard with all dedicated servers which are set up with the Hepsia Control Panel and is set to “Active” automatically for any domain that you host or subdomain that you create on the hosting server. In case that a web application doesn't function adequately, you could either switch off the firewall or set it to operate in passive mode. The second means that ModSecurity will maintain a log of any potential attack which might occur, but will not take any action to stop it. The logs produced in active or passive mode shall present you with more details about the exact file that was attacked, the form of the attack and the IP address it came from, etc. This data shall enable you to decide what actions you can take to enhance the security of your sites, for instance blocking IPs or performing script and plugin updates. The ModSecurity rules which we use are updated regularly with a commercial bundle from a third-party security company we work with, but occasionally our administrators add their own rules also when they come across a new potential threat.