ModSecurity is a plugin for Apache web servers which acts as a web application layer firewall. It's used to prevent attacks toward script-driven Internet sites through the use of security rules that contain specific expressions. That way, the firewall can block hacking and spamming attempts and protect even sites that aren't updated regularly. For instance, several failed login attempts to a script administrator area or attempts to execute a specific file with the purpose to get access to the script shall trigger specific rules, so ModSecurity shall block these activities the moment it identifies them. The firewall is extremely efficient since it tracks the entire HTTP traffic to an Internet site in real time without slowing it down, so it will be able to prevent an attack before any harm is done. It also keeps a very detailed log of all attack attempts that includes more information than traditional Apache logs, so you could later examine the data and take further measures to boost the security of your Internet sites if required.
ModSecurity in Web Hosting
ModSecurity is available with every single web hosting solution that we offer and it is activated by default for any domain or subdomain which you include through your Hepsia Control Panel. In case it interferes with any of your applications or you'd like to disable it for some reason, you shall be able to achieve that through the ModSecurity area of Hepsia with only a click. You could also enable a passive mode, so the firewall will discover possible attacks and keep a log, but will not take any action. You can see extensive logs in the very same section, including the IP address where the attack originated from, what exactly the attacker attempted to do and at what time, what ModSecurity did, and so forth. For maximum safety of our customers we use a group of commercial firewall rules mixed with custom ones which are included by our system admins.
ModSecurity in Semi-dedicated Servers
All semi-dedicated server solutions that we offer include ModSecurity and because the firewall is switched on by default, any website which you create under a domain or a subdomain shall be secured right from the start. An individual section within the Hepsia CP that comes with the semi-dedicated accounts is devoted to ModSecurity and it will allow you to start and stop the firewall for any site or switch on a detection mode. With the latter, ModSecurity won't take any action, but it shall still identify possible attacks and shall keep all data in a log as if it were completely active. The logs can be found inside the very same section of the Control Panel and they include info about the IP where an attack originated from, what its nature was, what rule ModSecurity applies to detect and stop it, etcetera. The security rules we employ on our machines are a mix between commercial ones from a security company and custom ones developed by our system administrators. For that reason, we offer higher security for your web apps as we can shield them from attacks even before security firms release updates for new threats.
ModSecurity in VPS Servers
All VPS servers that are provided with the Hepsia Control Panel come with ModSecurity. The firewall is set up and turned on by default for all domains that are hosted on the server, so there will not be anything special which you'll have to do to protect your websites. It shall take you simply a mouse click to stop ModSecurity if required or to switch on its passive mode so that it records what happens without taking any measures to prevent intrusions. You'll be able to view the logs generated in passive or active mode through the corresponding section of Hepsia and discover more about the type of the attack, where it came from, what rule the firewall employed to take care of it, etcetera. We employ a combination of commercial and custom rules in order to make certain that ModSecurity shall stop as many risks as possible, thus improving the security of your web programs as much as possible.
ModSecurity in Dedicated Servers
ModSecurity comes with all dedicated servers that are set up with our Hepsia CP and you'll not need to do anything specific on your end to use it because it's turned on by default every time you add a new domain or subdomain on your web server. In case it interferes with some of your programs, you will be able to stop it via the respective area of Hepsia, or you may leave it in passive mode, so it will recognize attacks and will still maintain a log for them, but will not stop them. You can analyze the logs later to determine what you can do to increase the protection of your websites since you will find details such as where an intrusion attempt came from, what Internet site was attacked and based upon what rule ModSecurity responded, and so on. The rules we employ are commercial, thus they're frequently updated by a security provider, but to be on the safe side, our administrators also include custom rules once in a while in order to react to any new threats they have discovered.