ModSecurity is a plugin for Apache web servers which acts as a web app layer firewall. It is used to prevent attacks against script-driven sites by employing security rules that contain specific expressions. In this way, the firewall can stop hacking and spamming attempts and protect even Internet sites which are not updated on a regular basis. For example, numerous failed login attempts to a script administrator area or attempts to execute a particular file with the objective to get access to the script will trigger particular rules, so ModSecurity will stop these activities the instant it detects them. The firewall is very efficient since it tracks the entire HTTP traffic to an Internet site in real time without slowing it down, so it will be able to prevent an attack before any damage is done. It also maintains a very comprehensive log of all attack attempts which features more info than conventional Apache logs, so you can later examine the data and take additional measures to boost the security of your sites if required.

ModSecurity in Shared Hosting

ModSecurity comes by default with all shared hosting packages which we offer and it shall be activated automatically for any domain or subdomain which you add/create within your Hepsia hosting Control Panel. The firewall has three different modes, so you could activate and disable it with simply a click or set it to detection mode, so it will maintain a log of all attacks, but it'll not do anything to prevent them. The log for each of your Internet sites will feature in-depth info including the nature of the attack, where it originated from, what action was taken by ModSecurity, and so forth. The firewall rules that we use are frequently updated and incorporate both commercial ones we get from a third-party security company and custom ones which our system admins include in the event that they detect a new type of attacks. That way, the sites that you host here shall be far more protected with no action expected on your end.

ModSecurity in Semi-dedicated Hosting

ModSecurity is a part of our semi-dedicated hosting packages and if you choose to host your sites with us, there won't be anything special you'll need to do since the firewall is turned on by default for all domains and subdomains which you include via your hosting Control Panel. If necessary, you could disable ModSecurity for a given website or switch on the so-called detection mode in which case the firewall will still work and record information, but shall not do anything to stop potential attacks on your sites. In depth logs will be accessible in your Control Panel and you will be able to see what type of attacks occurred, what security rules were triggered and how the firewall handled the threats, what Internet protocol addresses the attacks originated from, and so forth. We employ 2 kinds of rules on our servers - commercial ones from a company that operates in the field of web security, and customized ones that our administrators often add to respond to newly found threats in a timely manner.

ModSecurity in Dedicated Servers Hosting

ModSecurity is provided with all dedicated servers which are set up with our Hepsia CP and you'll not need to do anything specific on your end to use it since it is enabled by default every time you include a new domain or subdomain on your server. In the event that it disrupts some of your apps, you'll be able to stop it through the respective part of Hepsia, or you may leave it operating in passive mode, so it'll recognize attacks and will still maintain a log for them, but will not prevent them. You could examine the logs later to find out what you can do to increase the protection of your websites since you'll find info such as where an intrusion attempt came from, what site was attacked and based upon what rule ModSecurity reacted, etcetera. The rules which we use are commercial, hence they're frequently updated by a security company, but to be on the safe side, our admins also add custom rules once in a while in order to deal with any new threats they have discovered.