ModSecurity is a plugin for Apache web servers that functions as a web application layer firewall. It's employed to stop attacks toward script-driven sites by using security rules that contain certain expressions. That way, the firewall can prevent hacking and spamming attempts and preserve even sites that are not updated frequently. As an example, numerous unsuccessful login attempts to a script administrator area or attempts to execute a particular file with the intention to get access to the script shall trigger certain rules, so ModSecurity will block these activities the moment it identifies them. The firewall is incredibly efficient since it screens the whole HTTP traffic to a website in real time without slowing it down, so it could stop an attack before any damage is done. It also maintains an exceptionally thorough log of all attack attempts which features more info than conventional Apache logs, so you could later analyze the data and take additional measures to improve the security of your sites if required.

ModSecurity in Shared Web Hosting

We provide ModSecurity with all shared web hosting plans, so your Internet applications shall be shielded from malicious attacks. The firewall is switched on by default for all domains and subdomains, but if you'd like, you shall be able to stop it via the respective part of your Hepsia Control Panel. You'll be able to also activate a detection mode, so ModSecurity will keep a log as intended, but shall not take any action. The logs that you shall find inside Hepsia are extremely detailed and include information about the nature of any attack, when it happened and from what IP address, the firewall rule that was triggered, etc. We employ a group of commercial rules that are regularly updated, but sometimes our admins include custom rules as well in order to efficiently protect the sites hosted on our servers.

ModSecurity in VPS Servers

ModSecurity is pre-installed on all VPS servers that are set up with the Hepsia hosting CP, so your web applications shall be secured from the instant your server is in a position. The firewall is activated by default for any domain or subdomain on the VPS, but if needed, you can deactivate it with a click of your mouse via the corresponding section of Hepsia. You may also set it to function in detection mode, so it'll maintain a comprehensive log of any potential attacks without taking any action to stop them. The logs can be found inside the very same section and provide information regarding the nature of the attack, what IP address it originated from and what ModSecurity rule was initiated to stop it. For optimum security, we use not just commercial rules from a firm working in the field of web security, but also custom ones our administrators include manually so as to react to new risks which are still not tackled in the commercial rules.

ModSecurity in Dedicated Servers

ModSecurity is provided as standard with all dedicated servers which are set up with the Hepsia Control Panel and is set to “Active” automatically for any domain you host or subdomain that you create on the server. In case that a web app does not operate correctly, you may either turn off the firewall or set it to operate in passive mode. The second means that ModSecurity will keep a log of any possible attack which may occur, but won't take any action to prevent it. The logs generated in passive or active mode shall give you additional details about the exact file that was attacked, the form of the attack and the IP it came from, etc. This information will permit you to choose what measures you can take to increase the protection of your websites, including blocking IPs or performing script and plugin updates. The ModSecurity rules that we use are updated regularly with a commercial bundle from a third-party security company we work with, but occasionally our staff add their own rules also in the event that they discover a new potential threat.