ModSecurity is a plugin for Apache web servers that acts as a web application layer firewall. It's used to stop attacks towards script-driven Internet sites by using security rules that contain particular expressions. This way, the firewall can prevent hacking and spamming attempts and protect even Internet sites that aren't updated frequently. For instance, several failed login attempts to a script admin area or attempts to execute a specific file with the intention to get access to the script shall trigger certain rules, so ModSecurity shall stop these activities the instant it detects them. The firewall is very efficient since it tracks the whole HTTP traffic to an Internet site in real time without slowing it down, so it could prevent an attack before any harm is done. It furthermore keeps a very thorough log of all attack attempts which features more information than traditional Apache logs, so you could later examine the data and take further measures to increase the security of your Internet sites if required.

ModSecurity in Cloud Hosting

ModSecurity is offered with each and every cloud hosting package which we provide and it is switched on by default for any domain or subdomain that you add via your Hepsia Control Panel. If it interferes with any of your applications or you would like to disable it for whatever reason, you'll be able to achieve that through the ModSecurity area of Hepsia with only a mouse click. You can also activate a passive mode, so the firewall will discover possible attacks and maintain a log, but shall not take any action. You'll be able to view detailed logs in the very same section, including the IP address where the attack came from, what exactly the attacker aimed to do and at what time, what ModSecurity did, and so forth. For maximum protection of our clients we use a group of commercial firewall rules blended with custom ones which are added by our system administrators.

ModSecurity in Semi-dedicated Servers

All semi-dedicated server plans which we offer include ModSecurity and since the firewall is enabled by default, any Internet site you set up under a domain or a subdomain shall be secured right away. A separate section inside the Hepsia Control Panel which comes with the semi-dedicated accounts is devoted to ModSecurity and it will allow you to stop and start the firewall for any Internet site or activate a detection mode. With the latter, ModSecurity won't take any action, but it will still identify possible attacks and shall keep all data inside a log as if it were completely active. The logs could be found in the same section of the CP and they feature specifics about the IP where an attack came from, what its nature was, what rule ModSecurity applies to detect and stop it, and so forth. The security rules that we use on our servers are a mix between commercial ones from a security company and custom ones developed by our system admins. Therefore, we provide higher security for your web apps as we can defend them from attacks before security corporations release updates for brand new threats.

ModSecurity in VPS Servers

ModSecurity is pre-installed on all VPS servers that are set up with the Hepsia hosting CP, so your web programs will be protected from the second your server is ready. The firewall is switched on by default for any domain or subdomain on the VPS, but if required, you'll be able to deactivate it with a mouse click through the corresponding section of Hepsia. You can also set it to operate in detection mode, so it will maintain a comprehensive log of any possible attacks without taking any action to prevent them. The logs are available inside the same section and include information regarding the nature of the attack, what IP address it came from and what ModSecurity rule was activated to stop it. For best security, we use not only commercial rules from a business working in the field of web security, but also custom ones which our admins include personally so as to react to new threats that are still not tackled in the commercial rules.

ModSecurity in Dedicated Servers

ModSecurity is offered by default with all dedicated servers that are set up with the Hepsia Control Panel and is set to “Active” automatically for any domain which you host or subdomain which you create on the web server. Just in case that a web app doesn't work correctly, you can either disable the firewall or set it to operate in passive mode. The latter means that ModSecurity shall keep a log of any possible attack that could happen, but won't take any action to stop it. The logs produced in active or passive mode shall provide you with more details about the exact file that was attacked, the form of the attack and the IP it came from, etc. This data shall permit you to decide what measures you can take to increase the security of your sites, such as blocking IPs or performing script and plugin updates. The ModSecurity rules which we use are updated regularly with a commercial package from a third-party security enterprise we work with, but oftentimes our staff include their own rules as well if they come across a new potential threat.