ModSecurity is a plugin for Apache web servers that functions as a web app layer firewall. It is employed to stop attacks towards script-driven websites by using security rules that contain specific expressions. This way, the firewall can block hacking and spamming attempts and preserve even Internet sites that aren't updated frequently. For example, several unsuccessful login attempts to a script administrative area or attempts to execute a certain file with the purpose to get access to the script shall trigger specific rules, so ModSecurity shall block these activities the second it detects them. The firewall is quite efficient since it screens the entire HTTP traffic to a site in real time without slowing it down, so it can easily stop an attack before any harm is done. It additionally keeps an incredibly detailed log of all attack attempts which contains more info than traditional Apache logs, so you can later analyze the data and take additional measures to boost the security of your sites if necessary.

ModSecurity in Shared Website Hosting

ModSecurity comes standard with all shared website hosting solutions which we provide and it will be turned on automatically for any domain or subdomain that you add/create in your Hepsia hosting CP. The firewall has 3 different modes, so you'll be able to switch on and disable it with a mouse click or set it to detection mode, so it will maintain a log of all attacks, but it shall not do anything to stop them. The log for any of your sites will feature comprehensive info which includes the nature of the attack, where it came from, what action was taken by ModSecurity, etc. The firewall rules that we use are constantly updated and comprise of both commercial ones which we get from a third-party security firm and custom ones that our system administrators add in the event that they detect a new kind of attacks. This way, the sites which you host here will be a lot more protected with no action required on your end.

ModSecurity in Semi-dedicated Hosting

We have incorporated ModSecurity by default within all semi-dedicated hosting products, so your web applications shall be protected as soon as you set them up under any domain or subdomain. The Hepsia Control Panel that is included with the semi-dedicated accounts will permit you to switch on or turn off the firewall for any website with a mouse click. You will also be able to activate a passive detection mode through which ModSecurity shall maintain a log of possible attacks without actually stopping them. The detailed logs include the nature of the attack and what ModSecurity response that attack generated, where it came from, etc. The list of rules we employ is constantly updated as to match any new risks which may appear on the Internet and it features both commercial rules that we get from a security company and custom-written ones which our admins add if they discover a threat which is not present within the commercial list yet.

ModSecurity in Dedicated Servers Hosting

All our dedicated servers that are installed with the Hepsia hosting Control Panel come with ModSecurity, so any application which you upload or set up will be properly secured from the very beginning and you won't have to concern yourself with common attacks or vulnerabilities. An independent section inside Hepsia will permit you to start or stop the firewall for every domain or subdomain, or switch on a detection mode so that it records details about intrusions, but doesn't take actions to prevent them. What you shall see in the logs can easily help you to secure your Internet sites better - the IP an attack came from, what site was attacked and how, what ModSecurity rule was triggered, etcetera. With this data, you'll be able to see if a website needs an update, if you ought to block IPs from accessing your hosting server, and so forth. Besides the third-party commercial security rules for ModSecurity we use, our admins add custom ones too when they discover a new threat that is not yet in the commercial bundle.