ModSecurity is a plugin for Apache web servers which functions as a web app layer firewall. It is employed to stop attacks towards script-driven Internet sites through the use of security rules which contain particular expressions. In this way, the firewall can stop hacking and spamming attempts and preserve even Internet sites that are not updated often. For example, several failed login attempts to a script admin area or attempts to execute a certain file with the objective to get access to the script shall trigger particular rules, so ModSecurity will block these activities the second it detects them. The firewall is quite efficient since it tracks the whole HTTP traffic to a website in real time without slowing it down, so it can stop an attack before any damage is done. It furthermore keeps an incredibly thorough log of all attack attempts that features more info than conventional Apache logs, so you could later check out the data and take additional measures to boost the security of your Internet sites if necessary.

ModSecurity in Hosting

ModSecurity is provided with all hosting web servers, so when you choose to host your websites with our organization, they'll be shielded from a wide range of attacks. The firewall is turned on by default for all domains and subdomains, so there'll be nothing you'll need to do on your end. You shall be able to stop ModSecurity for any site if needed, or to switch on a detection mode, so that all activity will be recorded, but the firewall won't take any real action. You'll be able to view specific logs through your Hepsia Control Panel including the IP address where the attack came from, what the attacker wanted to do and how ModSecurity dealt with the threat. Since we take the safety of our customers' Internet sites seriously, we employ a set of commercial rules that we get from one of the best firms that maintain this sort of rules. Our admins also include custom rules to make certain that your Internet sites shall be protected against as many threats as possible.

ModSecurity in Semi-dedicated Hosting

We've incorporated ModSecurity as a standard within all semi-dedicated hosting plans, so your web apps shall be protected the instant you set them up under any domain or subdomain. The Hepsia CP which comes with the semi-dedicated accounts will permit you to enable or turn off the firewall for any site with a mouse click. You will also be able to turn on a passive detection mode with which ModSecurity will maintain a log of possible attacks without actually stopping them. The comprehensive logs contain the nature of the attack and what ModSecurity response that attack generated, where it originated from, etc. The list of rules which we use is constantly updated as to match any new risks which might appear on the Internet and it consists of both commercial rules that we get from a security company and custom-written ones which our administrators add in the event that they discover a threat that is not present in the commercial list yet.

ModSecurity in Dedicated Hosting

All our dedicated servers that are set up with the Hepsia hosting Control Panel include ModSecurity, so any application which you upload or install will be properly secured from the very beginning and you won't need to stress about common attacks or vulnerabilities. An individual section within Hepsia will enable you to start or stop the firewall for each domain or subdomain, or turn on a detection mode so that it records information regarding intrusions, but doesn't take actions to prevent them. What you'll find in the logs shall allow you to to secure your sites better - the IP an attack originated from, what site was attacked as well as how, what ModSecurity rule was triggered, and so forth. With this data, you can see if a website needs an update, if you ought to block IPs from accessing your web server, etcetera. In addition to the third-party commercial security rules for ModSecurity we use, our admins include custom ones as well when they come across a new threat that's not yet included in the commercial bundle.