ModSecurity is a plugin for Apache web servers which acts as a web application layer firewall. It is employed to prevent attacks against script-driven websites by employing security rules which contain particular expressions. That way, the firewall can stop hacking and spamming attempts and preserve even sites that aren't updated regularly. For instance, a number of failed login attempts to a script administrative area or attempts to execute a particular file with the purpose to get access to the script will trigger certain rules, so ModSecurity will stop these activities the minute it detects them. The firewall is very efficient as it tracks the whole HTTP traffic to an Internet site in real time without slowing it down, so it could prevent an attack before any harm is done. It also maintains an incredibly comprehensive log of all attack attempts which contains more info than traditional Apache logs, so you can later examine the data and take further measures to improve the security of your Internet sites if needed.

ModSecurity in Cloud Hosting

We offer ModSecurity with all cloud hosting solutions, so your web apps shall be shielded from malicious attacks. The firewall is activated by default for all domains and subdomains, but if you would like, you will be able to stop it via the respective area of your Hepsia CP. You could also activate a detection mode, so ModSecurity shall keep a log as intended, but won't take any action. The logs that you'll find inside Hepsia are quite detailed and include information about the nature of any attack, when it occurred and from what IP address, the firewall rule which was triggered, etcetera. We employ a group of commercial rules which are often updated, but sometimes our admins include custom rules as well in order to efficiently protect the sites hosted on our machines.

ModSecurity in Semi-dedicated Servers

ModSecurity is part of our semi-dedicated server plans and if you opt to host your websites with our company, there shall not be anything special you will have to do as the firewall is turned on by default for all domains and subdomains which you include through your hosting CP. If necessary, you can disable ModSecurity for a particular site or turn on the so-called detection mode in which case the firewall will still operate and record data, but won't do anything to stop possible attacks against your websites. Comprehensive logs shall be available within your Control Panel and you will be able to see which kind of attacks happened, what security rules were triggered and how the firewall addressed the threats, what Internet protocol addresses the attacks originated from, and so on. We use 2 sorts of rules on our servers - commercial ones from a company which operates in the field of web security, and custom ones which our admins sometimes add to respond to newly found threats promptly.

ModSecurity in Dedicated Servers

ModSecurity is provided by default with all dedicated servers that are set up with the Hepsia CP and is set to “Active” automatically for any domain you host or subdomain that you create on the hosting server. In the event that a web application doesn't function correctly, you could either turn off the firewall or set it to operate in passive mode. The second means that ModSecurity will maintain a log of any possible attack which may happen, but shall not take any action to stop it. The logs created in passive or active mode shall present you with more details about the exact file which was attacked, the type of the attack and the IP it came from, and so forth. This data shall enable you to determine what steps you can take to improve the safety of your sites, for instance blocking IPs or performing script and plugin updates. The ModSecurity rules we use are updated frequently with a commercial package from a third-party security firm we work with, but oftentimes our administrators add their own rules too when they come across a new potential threat.