ModSecurity is a plugin for Apache web servers that functions as a web app layer firewall. It's used to prevent attacks toward script-driven Internet sites by using security rules that contain certain expressions. This way, the firewall can stop hacking and spamming attempts and shield even sites that aren't updated often. For example, multiple failed login attempts to a script administrative area or attempts to execute a particular file with the objective to get access to the script will trigger particular rules, so ModSecurity shall block these activities the moment it identifies them. The firewall is very efficient because it monitors the entire HTTP traffic to a site in real time without slowing it down, so it can stop an attack before any damage is done. It additionally keeps an incredibly detailed log of all attack attempts that features more info than conventional Apache logs, so you can later check out the data and take extra measures to boost the security of your websites if necessary.

ModSecurity in Hosting

We provide ModSecurity with all hosting packages, so your web applications shall be protected against destructive attacks. The firewall is turned on as standard for all domains and subdomains, but if you would like, you shall be able to stop it using the respective section of your Hepsia Control Panel. You can also activate a detection mode, so ModSecurity will keep a log as intended, but won't take any action. The logs which you shall discover in Hepsia are quite detailed and offer information about the nature of any attack, when it occurred and from what IP, the firewall rule that was triggered, and so on. We use a set of commercial rules that are regularly updated, but sometimes our admins include custom rules as well in order to efficiently protect the websites hosted on our servers.

ModSecurity in Semi-dedicated Servers

All semi-dedicated server solutions that we offer include ModSecurity and because the firewall is switched on by default, any Internet site that you build under a domain or a subdomain shall be secured immediately. An independent section inside the Hepsia Control Panel that comes with the semi-dedicated accounts is dedicated to ModSecurity and it will enable you to stop and start the firewall for any Internet site or switch on a detection mode. With the last option, ModSecurity won't take any action, but it'll still detect possible attacks and will keep all data within a log as if it were completely active. The logs could be found inside the very same section of the CP and they offer information regarding the IP where an attack originated from, what its nature was, what rule ModSecurity applies to detect and stop it, etc. The security rules which we employ on our servers are a mix between commercial ones from a security firm and custom ones created by our system admins. Therefore, we provide increased security for your web apps as we can defend them from attacks even before security companies release updates for completely new threats.

ModSecurity in VPS Servers

Protection is very important to us, so we set up ModSecurity on all VPS servers which are made available with the Hepsia Control Panel as a standard. The firewall can be managed through a dedicated section inside Hepsia and is turned on automatically when you include a new domain or create a subdomain, so you will not need to do anything by hand. You'll also be able to disable it or turn on the so-called detection mode, so it will keep a log of possible attacks which you can later examine, but won't prevent them. The logs in both passive and active modes contain info about the form of the attack and how it was stopped, what IP address it came from and other important information which could help you to tighten the security of your sites by updating them or blocking IPs, for instance. In addition to the commercial rules that we get for ModSecurity from a third-party security enterprise, we also implement our own rules since occasionally we discover specific attacks which aren't yet present inside the commercial pack. This way, we can easily boost the security of your VPS right away as opposed to awaiting an official update.

ModSecurity in Dedicated Servers

ModSecurity is available by default with all dedicated servers that are set up with the Hepsia CP and is set to “Active” automatically for any domain which you host or subdomain that you create on the hosting server. In case that a web application does not function adequately, you could either turn off the firewall or set it to function in passive mode. The latter means that ModSecurity shall maintain a log of any possible attack which could happen, but shall not take any action to stop it. The logs generated in passive or active mode shall provide you with additional details about the exact file that was attacked, the type of the attack and the IP address it originated from, etcetera. This information shall allow you to decide what actions you can take to boost the security of your Internet sites, including blocking IPs or carrying out script and plugin updates. The ModSecurity rules we employ are updated constantly with a commercial package from a third-party security firm we work with, but from time to time our administrators add their own rules as well in case they discover a new potential threat.