ModSecurity is a plugin for Apache web servers which functions as a web application layer firewall. It's used to stop attacks toward script-driven websites through the use of security rules that contain specific expressions. This way, the firewall can stop hacking and spamming attempts and protect even sites that aren't updated frequently. For instance, multiple failed login attempts to a script admin area or attempts to execute a specific file with the intention to get access to the script shall trigger specific rules, so ModSecurity shall stop these activities the instant it identifies them. The firewall is extremely efficient since it tracks the whole HTTP traffic to a site in real time without slowing it down, so it could prevent an attack before any harm is done. It furthermore keeps a very comprehensive log of all attack attempts that features more information than conventional Apache logs, so you can later examine the data and take extra measures to boost the security of your websites if necessary.

ModSecurity in Cloud Hosting

ModSecurity is offered with every single cloud hosting package that we provide and it is activated by default for every domain or subdomain which you include via your Hepsia Control Panel. If it interferes with any of your apps or you would like to disable it for any reason, you will be able to accomplish that through the ModSecurity section of Hepsia with only a mouse click. You can also activate a passive mode, so the firewall will recognize potential attacks and keep a log, but will not take any action. You can see extensive logs in the same section, including the IP address where the attack originated from, what exactly the attacker attempted to do and at what time, what ModSecurity did, and so forth. For maximum security of our clients we use a group of commercial firewall rules mixed with custom ones that are included by our system admins.

ModSecurity in Semi-dedicated Hosting

All semi-dedicated hosting solutions which we offer feature ModSecurity and since the firewall is enabled by default, any website which you create under a domain or a subdomain will be secured right from the start. An individual section in the Hepsia Control Panel which comes with the semi-dedicated accounts is dedicated to ModSecurity and it shall enable you to stop and start the firewall for any website or enable a detection mode. With the last mentioned, ModSecurity shall not take any action, but it will still identify possible attacks and shall keep all info in a log as if it were fully active. The logs could be found within the same section of the CP and they feature info about the IP where an attack originated from, what its nature was, what rule ModSecurity applies to detect and stop it, etc. The security rules we employ on our machines are a mix of commercial ones from a security business and custom ones developed by our system admins. For that reason, we provide higher security for your web apps as we can protect them from attacks before security corporations release updates for new threats.

ModSecurity in VPS

ModSecurity is pre-installed on all virtual private servers which are provided with the Hepsia hosting CP, so your web apps will be protected from the moment your server is in a position. The firewall is activated by default for any domain or subdomain on the Virtual Private Server, but if necessary, you can disable it with a mouse click through the corresponding section of Hepsia. You could also set it to operate in detection mode, so it will maintain a comprehensive log of any possible attacks without taking any action to prevent them. The logs are available within the same section and include details about the nature of the attack, what IP it originated from and what ModSecurity rule was triggered to stop it. For maximum security, we employ not just commercial rules from a business working in the field of web security, but also custom ones which our administrators add manually so as to react to new threats which are still not tackled in the commercial rules.

ModSecurity in Dedicated Hosting

If you decide to host your websites on a dedicated server with the Hepsia CP, your web apps shall be protected right from the start because ModSecurity is available with all Hepsia-based packages. You'll be able to manage the firewall effortlessly and if needed, you shall be able to turn it off or enable its passive mode when it'll only keep a log of what is going on without taking any action to prevent potential attacks. The logs which you'll find within the same section of the Control Panel are really detailed and include information about the attacker IP, what website and file were attacked and in what way, what rule the firewall used to prevent the intrusion, etcetera. This data will allow you to take measures and enhance the protection of your Internet sites even more. To be on the safe side, we use not only commercial rules, but also custom-made ones which our staff add every time they recognize attacks that have not yet been included inside the commercial pack.