ModSecurity is a plugin for Apache web servers that functions as a web app layer firewall. It's used to stop attacks against script-driven websites through the use of security rules that contain certain expressions. That way, the firewall can stop hacking and spamming attempts and protect even Internet sites that are not updated on a regular basis. For instance, several failed login attempts to a script administrator area or attempts to execute a certain file with the intention to get access to the script shall trigger particular rules, so ModSecurity shall stop these activities the instant it identifies them. The firewall is very efficient because it monitors the whole HTTP traffic to a website in real time without slowing it down, so it could prevent an attack before any damage is done. It furthermore keeps an incredibly detailed log of all attack attempts which contains more information than standard Apache logs, so you can later examine the data and take further measures to improve the security of your Internet sites if required.

ModSecurity in Shared Website Hosting

ModSecurity can be found with each shared website hosting solution which we provide and it's activated by default for any domain or subdomain which you include via your Hepsia CP. In the event that it interferes with any of your programs or you'd like to disable it for whatever reason, you will be able to achieve that through the ModSecurity area of Hepsia with merely a click. You can also activate a passive mode, so the firewall will discover potential attacks and maintain a log, but won't take any action. You'll be able to view comprehensive logs in the same section, including the IP address where the attack originated from, exactly what the attacker aimed to do and at what time, what ModSecurity did, and so forth. For max protection of our customers we use a collection of commercial firewall rules mixed with custom ones that are provided by our system administrators.

ModSecurity in Semi-dedicated Servers

ModSecurity is part of our semi-dedicated server packages and if you opt to host your websites with our company, there will not be anything special you'll have to do given that the firewall is activated by default for all domains and subdomains that you add via your hosting Control Panel. If required, you can disable ModSecurity for a given site or turn on the so-called detection mode in which case the firewall shall still operate and record data, but will not do anything to prevent possible attacks against your websites. Thorough logs shall be available in your CP and you shall be able to see what type of attacks occurred, what security rules were triggered and how the firewall addressed the threats, what IP addresses the attacks originated from, and so on. We use two types of rules on our servers - commercial ones from an organization which operates in the field of web security, and custom ones which our admins occasionally include to respond to newly identified risks on time.

ModSecurity in VPS Servers

Safety is essential to us, so we install ModSecurity on all VPS servers which are made available with the Hepsia CP by default. The firewall could be managed via a dedicated section inside Hepsia and is activated automatically when you add a new domain or create a subdomain, so you'll not have to do anything by hand. You'll also be able to disable it or activate the so-called detection mode, so it shall maintain a log of potential attacks you can later examine, but won't stop them. The logs in both passive and active modes offer information regarding the kind of the attack and how it was stopped, what IP it came from and other valuable information that may help you to tighten the security of your sites by updating them or blocking IPs, as an example. On top of the commercial rules which we get for ModSecurity from a third-party security enterprise, we also implement our own rules since once in a while we find specific attacks which are not yet present inside the commercial package. This way, we could improve the security of your Virtual private server immediately rather than awaiting a certified update.

ModSecurity in Dedicated Servers

ModSecurity is available by default with all dedicated servers that are set up with the Hepsia CP and is set to “Active” automatically for any domain that you host or subdomain you create on the server. Just in case that a web application does not operate adequately, you can either switch off the firewall or set it to operate in passive mode. The second means that ModSecurity shall keep a log of any possible attack which might happen, but won't take any action to prevent it. The logs produced in active or passive mode shall offer you more details about the exact file that was attacked, the nature of the attack and the IP address it originated from, etcetera. This info will allow you to choose what measures you can take to boost the security of your Internet sites, including blocking IPs or carrying out script and plugin updates. The ModSecurity rules which we use are updated regularly with a commercial package from a third-party security company we work with, but sometimes our administrators include their own rules also in the event that they come across a new potential threat.