ModSecurity is a plugin for Apache web servers which acts as a web app layer firewall. It is used to prevent attacks against script-driven websites through the use of security rules which contain certain expressions. That way, the firewall can prevent hacking and spamming attempts and preserve even sites that aren't updated frequently. As an example, a number of unsuccessful login attempts to a script administrative area or attempts to execute a particular file with the objective to get access to the script shall trigger specific rules, so ModSecurity will stop these activities the minute it discovers them. The firewall is quite efficient as it monitors the whole HTTP traffic to a website in real time without slowing it down, so it could prevent an attack before any damage is done. It additionally maintains a very detailed log of all attack attempts which includes more information than standard Apache logs, so you could later analyze the data and take further measures to enhance the security of your websites if necessary.

ModSecurity in Web Hosting

ModSecurity is available with every web hosting plan that we offer and it is turned on by default for every domain or subdomain that you include via your Hepsia Control Panel. In case it interferes with any of your programs or you would like to disable it for whatever reason, you shall be able to do this through the ModSecurity section of Hepsia with just a mouse click. You can also use a passive mode, so the firewall will identify potential attacks and maintain a log, but won't take any action. You can view detailed logs in the exact same section, including the IP where the attack came from, what exactly the attacker aimed to do and at what time, what ModSecurity did, etcetera. For max security of our clients we use a set of commercial firewall rules blended with custom ones that are included by our system admins.

ModSecurity in Semi-dedicated Servers

ModSecurity is part of our semi-dedicated server packages and if you opt to host your Internet sites with our company, there won't be anything special you will have to do as the firewall is switched on by default for all domains and subdomains that you include through your hosting CP. If necessary, you can disable ModSecurity for a particular website or enable the so-called detection mode in which case the firewall shall still function and record information, but won't do anything to stop potential attacks on your Internet sites. Thorough logs will be readily available within your CP and you will be able to see what type of attacks occurred, what security rules were triggered and how the firewall handled the threats, what IP addresses the attacks came from, etc. We use 2 types of rules on our servers - commercial ones from an organization that operates in the field of web security, and customized ones that our admins often add to respond to newly found threats on time.

ModSecurity in Dedicated Servers

ModSecurity comes with all dedicated servers that are integrated with our Hepsia CP and you'll not need to do anything specific on your end to use it since it's turned on by default whenever you add a new domain or subdomain on your web server. In the event that it disrupts some of your programs, you'll be able to stop it via the respective area of Hepsia, or you could leave it working in passive mode, so it'll identify attacks and shall still maintain a log for them, but will not prevent them. You may analyze the logs later to learn what you can do to enhance the safety of your websites as you'll find information such as where an intrusion attempt originated from, what Internet site was attacked and based upon what rule ModSecurity reacted, etc. The rules which we use are commercial, hence they are constantly updated by a security provider, but to be on the safe side, our admins also include custom rules occasionally in order to react to any new threats they have discovered.