ModSecurity is a plugin for Apache web servers which acts as a web application layer firewall. It's used to prevent attacks toward script-driven websites through the use of security rules that contain particular expressions. That way, the firewall can prevent hacking and spamming attempts and protect even sites which aren't updated frequently. For instance, a number of failed login attempts to a script admin area or attempts to execute a particular file with the objective to get access to the script will trigger particular rules, so ModSecurity shall stop these activities the moment it identifies them. The firewall is very efficient since it tracks the whole HTTP traffic to an Internet site in real time without slowing it down, so it can prevent an attack before any damage is done. It furthermore maintains an incredibly comprehensive log of all attack attempts which features more info than conventional Apache logs, so you can later examine the data and take additional measures to boost the security of your sites if needed.

ModSecurity in Cloud Hosting

ModSecurity is provided with all cloud hosting web servers, so if you decide to host your Internet sites with our organization, they shall be resistant to a wide array of attacks. The firewall is turned on as standard for all domains and subdomains, so there shall be nothing you shall need to do on your end. You'll be able to stop ModSecurity for any Internet site if needed, or to activate a detection mode, so that all activity will be recorded, but the firewall won't take any real action. You shall be able to view detailed logs from your Hepsia Control Panel including the IP address where the attack originated from, what the attacker wanted to do and how ModSecurity handled the threat. Since we take the security of our customers' sites very seriously, we use a selection of commercial rules that we take from one of the top firms that maintain this kind of rules. Our administrators also add custom rules to ensure that your Internet sites will be shielded from as many risks as possible.

ModSecurity in Semi-dedicated Hosting

ModSecurity is part of our semi-dedicated hosting plans and if you decide to host your sites with our company, there won't be anything special you will have to do given that the firewall is activated by default for all domains and subdomains that you add through your hosting CP. If required, you can disable ModSecurity for a given Internet site or turn on the so-called detection mode in which case the firewall will still work and record information, but won't do anything to prevent potential attacks against your websites. In depth logs shall be readily available within your CP and you shall be able to see what type of attacks happened, what security rules were triggered and how the firewall addressed the threats, what Internet protocol addresses the attacks originated from, and so forth. We use two kinds of rules on our servers - commercial ones from a firm that operates in the field of web security, and customized ones that our admins sometimes add to respond to newly found risks promptly.

ModSecurity in VPS Hosting

ModSecurity is provided with all Hepsia-based virtual private servers we offer and it will be turned on automatically for every new domain or subdomain which you include on the hosting server. This way, any web app that you install will be secured right from the start without doing anything personally on your end. The firewall can be managed via the section of the Control Panel that has the same name. This is the place whereyou could switch off ModSecurity or enable its passive mode, so it shall not take any action toward threats, but will still keep a detailed log. The recorded data is available within the same section as well and you'll be able to see what IPs any attacks originated from to enable you to block them, what the nature of the attempted attacks was and in accordance with what security rules ModSecurity responded. The rules we employ on our servers are a blend between commercial ones that we get from a security organization and custom ones which are added by our staff to maximize the security of any web applications hosted on our end.

ModSecurity in Dedicated Web Hosting

ModSecurity is provided with all dedicated servers that are set up with our Hepsia CP and you'll not have to do anything specific on your end to use it because it is enabled by default whenever you include a new domain or subdomain on your web server. In the event that it interferes with any of your applications, you will be able to stop it through the respective area of Hepsia, or you could leave it working in passive mode, so it will identify attacks and shall still maintain a log for them, but won't stop them. You'll be able to examine the logs later to find out what you can do to increase the safety of your websites as you'll find info such as where an intrusion attempt originated from, what site was attacked and based upon what rule ModSecurity responded, and so forth. The rules which we employ are commercial, hence they are regularly updated by a security company, but to be on the safe side, our administrators also include custom rules from time to time as to deal with any new threats they have discovered.