ModSecurity is a plugin for Apache web servers which acts as a web application layer firewall. It's employed to prevent attacks against script-driven websites through the use of security rules that contain certain expressions. That way, the firewall can block hacking and spamming attempts and protect even Internet sites that are not updated on a regular basis. For instance, numerous failed login attempts to a script administrative area or attempts to execute a certain file with the purpose to get access to the script shall trigger particular rules, so ModSecurity shall block these activities the minute it identifies them. The firewall is extremely efficient because it monitors the whole HTTP traffic to a website in real time without slowing it down, so it can prevent an attack before any damage is done. It also keeps a very thorough log of all attack attempts that contains more info than traditional Apache logs, so you can later examine the data and take additional measures to enhance the security of your Internet sites if required.
ModSecurity in Cloud Hosting
We offer ModSecurity with all cloud hosting plans, so your Internet apps shall be protected against malicious attacks. The firewall is turned on by default for all domains and subdomains, but if you'd like, you will be able to stop it through the respective area of your Hepsia CP. You could also activate a detection mode, so ModSecurity will keep a log as intended, but won't take any action. The logs which you shall discover within Hepsia are extremely detailed and include info about the nature of any attack, when it occurred and from what IP address, the firewall rule that was triggered, and so on. We employ a set of commercial rules that are often updated, but sometimes our admins add custom rules as well so as to better protect the Internet sites hosted on our machines.
ModSecurity in Semi-dedicated Hosting
All semi-dedicated hosting packages that we offer include ModSecurity and since the firewall is enabled by default, any Internet site which you build under a domain or a subdomain will be protected immediately. An individual section in the Hepsia Control Panel which comes with the semi-dedicated accounts is devoted to ModSecurity and it'll permit you to stop and start the firewall for any site or enable a detection mode. With the latter, ModSecurity will not take any action, but it shall still detect possible attacks and shall keep all data within a log as if it were completely active. The logs can be found in the same section of the Control Panel and they offer information regarding the IP where an attack came from, what its nature was, what rule ModSecurity applies to recognize and stop it, and so forth. The security rules that we use on our servers are a mix between commercial ones from a security company and custom ones made by our system administrators. As a result, we offer greater security for your web programs as we can protect them from attacks before security companies release updates for new threats.
ModSecurity in VPS
Security is very important to us, so we set up ModSecurity on all virtual private servers that are set up with the Hepsia CP by default. The firewall can be managed through a dedicated section within Hepsia and is activated automatically when you add a new domain or create a subdomain, so you will not have to do anything by hand. You will also be able to disable it or switch on the so-called detection mode, so it shall keep a log of possible attacks which you can later study, but will not stop them. The logs in both passive and active modes include info about the form of the attack and how it was prevented, what IP address it originated from and other valuable information that may help you to tighten the security of your Internet sites by updating them or blocking IPs, for example. In addition to the commercial rules which we get for ModSecurity from a third-party security firm, we also implement our own rules as once in a while we discover specific attacks that aren't yet present inside the commercial package. That way, we can easily improve the security of your VPS promptly as opposed to awaiting an official update.
ModSecurity in Dedicated Hosting
If you choose to host your sites on a dedicated server with the Hepsia Control Panel, your web applications shall be secured straight away since ModSecurity is provided with all Hepsia-based solutions. You shall be able to control the firewall effortlessly and if needed, you'll be able to turn it off or activate its passive mode when it shall only maintain a log of what's occurring without taking any action to stop possible attacks. The logs which you will find inside the very same section of the CP are quite detailed and include details about the attacker IP address, what site and file were attacked and in what way, what rule the firewall employed to prevent the intrusion, and so on. This data shall enable you to take measures and increase the protection of your sites even more. To be on the safe side, we use not just commercial rules, but also custom-made ones that our administrators include every time they detect attacks that have not yet been included within the commercial pack.