ModSecurity is a plugin for Apache web servers which acts as a web app layer firewall. It's used to stop attacks against script-driven Internet sites by employing security rules which contain specific expressions. In this way, the firewall can block hacking and spamming attempts and protect even websites that are not updated often. As an example, multiple unsuccessful login attempts to a script admin area or attempts to execute a specific file with the objective to get access to the script shall trigger particular rules, so ModSecurity will block out these activities the second it discovers them. The firewall is extremely efficient since it screens the whole HTTP traffic to a website in real time without slowing it down, so it will be able to stop an attack before any damage is done. It furthermore keeps an exceptionally thorough log of all attack attempts that contains more information than typical Apache logs, so you could later examine the data and take further measures to increase the security of your Internet sites if necessary.

ModSecurity in Website Hosting

ModSecurity is available on all website hosting web servers, so when you decide to host your Internet sites with our business, they'll be shielded from an array of attacks. The firewall is turned on by default for all domains and subdomains, so there shall be nothing you'll need to do on your end. You shall be able to stop ModSecurity for any website if necessary, or to enable a detection mode, so all activity will be recorded, but the firewall will not take any real action. You will be able to view specific logs using your Hepsia CP including the IP where the attack came from, what the attacker planned to do and how ModSecurity addressed the threat. As we take the safety of our clients' sites seriously, we use a set of commercial rules that we take from one of the top firms that maintain such rules. Our admins also add custom rules to make sure that your Internet sites will be resistant to as many risks as possible.

ModSecurity in Semi-dedicated Servers

We have included ModSecurity as a standard in all semi-dedicated server plans, so your web apps shall be protected whenever you set them up under any domain or subdomain. The Hepsia Control Panel that comes with the semi-dedicated accounts shall permit you to activate or turn off the firewall for any Internet site with a mouse click. You'll also have the ability to turn on a passive detection mode with which ModSecurity shall keep a log of potential attacks without actually stopping them. The comprehensive logs contain the nature of the attack and what ModSecurity response this attack activated, where it originated from, and so forth. The list of rules that we employ is constantly updated in order to match any new threats which might appear on the Internet and it features both commercial rules that we get from a security firm and custom-written ones that our administrators add if they find a threat that's not present in the commercial list yet.

ModSecurity in Dedicated Servers

ModSecurity is included with all dedicated servers which are integrated with our Hepsia Control Panel and you'll not have to do anything specific on your end to use it because it's activated by default whenever you add a new domain or subdomain on your hosting server. In case it interferes with any of your programs, you shall be able to stop it through the respective part of Hepsia, or you could leave it working in passive mode, so it shall recognize attacks and shall still keep a log for them, but shall not prevent them. You can analyze the logs later to learn what you can do to enhance the safety of your websites as you shall find details such as where an intrusion attempt came from, what website was attacked and based on what rule ModSecurity reacted, etcetera. The rules that we employ are commercial, therefore they are frequently updated by a security provider, but to be on the safe side, our administrators also add custom rules occasionally as to deal with any new threats they have identified.