ModSecurity is a plugin for Apache web servers which acts as a web application layer firewall. It is used to prevent attacks towards script-driven websites by using security rules which contain particular expressions. That way, the firewall can prevent hacking and spamming attempts and preserve even websites which aren't updated regularly. For example, several failed login attempts to a script admin area or attempts to execute a specific file with the purpose to get access to the script shall trigger particular rules, so ModSecurity shall block out these activities the instant it detects them. The firewall is quite efficient because it screens the whole HTTP traffic to a website in real time without slowing it down, so it will be able to stop an attack before any harm is done. It additionally maintains an exceptionally detailed log of all attack attempts that includes more info than traditional Apache logs, so you could later analyze the data and take additional measures to boost the security of your sites if required.

ModSecurity in Shared Hosting

We offer ModSecurity with all shared hosting solutions, so your web apps will be shielded from malicious attacks. The firewall is activated by default for all domains and subdomains, but in case you would like, you shall be able to stop it via the respective area of your Hepsia CP. You can also activate a detection mode, so ModSecurity shall keep a log as intended, but shall not take any action. The logs that you shall find in Hepsia are quite detailed and offer data about the nature of any attack, when it transpired and from what IP, the firewall rule which was triggered, etc. We employ a set of commercial rules which are often updated, but sometimes our administrators include custom rules as well so as to efficiently protect the sites hosted on our machines.

ModSecurity in Semi-dedicated Servers

All semi-dedicated server solutions that we offer include ModSecurity and given that the firewall is turned on by default, any Internet site that you build under a domain or a subdomain will be secured immediately. A separate section in the Hepsia Control Panel that comes with the semi-dedicated accounts is devoted to ModSecurity and it will allow you to stop and start the firewall for any website or enable a detection mode. With the latter, ModSecurity won't take any action, but it will still identify possible attacks and will keep all info inside a log as if it were 100% active. The logs can be found within the exact same section of the Control Panel and they offer specifics about the IP where an attack came from, what its nature was, what rule ModSecurity applies to detect and stop it, etcetera. The security rules we employ on our machines are a mix between commercial ones from a security company and custom ones developed by our system admins. For that reason, we provide increased security for your web applications as we can defend them from attacks even before security businesses release updates for new threats.

ModSecurity in Dedicated Servers

All of our dedicated servers that are installed with the Hepsia hosting CP feature ModSecurity, so any application which you upload or install will be secured from the very beginning and you won't have to bother about common attacks or vulnerabilities. An individual section inside Hepsia will permit you to start or stop the firewall for each and every domain or subdomain, or turn on a detection mode so that it records information about intrusions, but doesn't take actions to stop them. What you shall find in the logs can help you to secure your sites better - the IP an attack originated from, what site was attacked and how, what ModSecurity rule was triggered, and so forth. With this information, you could see whether an Internet site needs an update, if you need to block IPs from accessing your hosting server, and so on. In addition to the third-party commercial security rules for ModSecurity which we use, our administrators include custom ones too every time they come across a new threat which is not yet included in the commercial bundle.