ModSecurity is a plugin for Apache web servers which functions as a web application layer firewall. It's employed to prevent attacks towards script-driven Internet sites through the use of security rules that contain particular expressions. In this way, the firewall can prevent hacking and spamming attempts and shield even sites that aren't updated frequently. For instance, a number of failed login attempts to a script admin area or attempts to execute a particular file with the objective to get access to the script shall trigger particular rules, so ModSecurity will block these activities the minute it identifies them. The firewall is extremely efficient as it monitors the entire HTTP traffic to a site in real time without slowing it down, so it could stop an attack before any harm is done. It furthermore keeps a very thorough log of all attack attempts which includes more information than typical Apache logs, so you could later examine the data and take extra measures to increase the security of your Internet sites if necessary.
ModSecurity in Shared Web Hosting
We provide ModSecurity with all shared web hosting packages, so your web apps will be resistant to harmful attacks. The firewall is switched on by default for all domains and subdomains, but in case you'd like, you will be able to stop it through the respective part of your Hepsia Control Panel. You could also switch on a detection mode, so ModSecurity shall keep a log as intended, but will not take any action. The logs that you'll find inside Hepsia are very detailed and offer info about the nature of any attack, when it transpired and from what IP address, the firewall rule which was triggered, etcetera. We employ a set of commercial rules which are frequently updated, but sometimes our administrators include custom rules as well in order to better protect the Internet sites hosted on our servers.
ModSecurity in Semi-dedicated Hosting
We've incorporated ModSecurity as a standard inside all semi-dedicated hosting products, so your web apps shall be protected the instant you set them up under any domain or subdomain. The Hepsia CP that comes with the semi-dedicated accounts will allow you to switch on or disable the firewall for any Internet site with a click. You'll also have the ability to switch on a passive detection mode in which ModSecurity shall maintain a log of potential attacks without really stopping them. The thorough logs include things like the nature of the attack and what ModSecurity response that attack initiated, where it originated from, etcetera. The list of rules which we employ is constantly updated as to match any new threats which may appear on the Internet and it comes with both commercial rules that we get from a security corporation and custom-written ones that our administrators add in case they discover a threat which is not present in the commercial list yet.
ModSecurity in VPS Web Hosting
Protection is vital to us, so we install ModSecurity on all virtual private servers that are provided with the Hepsia Control Panel by default. The firewall can be managed through a dedicated section inside Hepsia and is switched on automatically when you add a new domain or create a subdomain, so you will not need to do anything personally. You shall also be able to deactivate it or turn on the so-called detection mode, so it will keep a log of possible attacks which you can later study, but won't prevent them. The logs in both passive and active modes offer information about the type of the attack and how it was eliminated, what IP it originated from and other important data that could help you to tighten the security of your Internet sites by updating them or blocking IPs, as an example. On top of the commercial rules which we get for ModSecurity from a third-party security company, we also employ our own rules since from time to time we find specific attacks which aren't yet present in the commercial package. This way, we can easily increase the protection of your VPS promptly instead of awaiting an official update.
ModSecurity in Dedicated Servers Hosting
If you choose to host your sites on a dedicated server with the Hepsia Control Panel, your web applications shall be secured right from the start since ModSecurity is supplied with all Hepsia-based solutions. You shall be able to regulate the firewall effortlessly and if necessary, you shall be able to turn it off or enable its passive mode when it will only maintain a log of what's happening without taking any action to prevent potential attacks. The logs that you can find in the very same section of the CP are quite detailed and contain data about the attacker IP, what website and file were attacked and in what way, what rule the firewall used to prevent the intrusion, etcetera. This data will allow you to take measures and improve the protection of your Internet sites even more. To be on the safe side, we use not just commercial rules, but also custom-made ones that our admins include whenever they detect attacks which have not yet been included within the commercial pack.