ModSecurity is a plugin for Apache web servers which functions as a web application layer firewall. It's used to prevent attacks against script-driven sites by using security rules which contain specific expressions. This way, the firewall can block hacking and spamming attempts and shield even sites which are not updated on a regular basis. For instance, several unsuccessful login attempts to a script admin area or attempts to execute a specific file with the objective to get access to the script will trigger certain rules, so ModSecurity shall block these activities the minute it detects them. The firewall is incredibly efficient as it monitors the entire HTTP traffic to a site in real time without slowing it down, so it will be able to prevent an attack before any damage is done. It furthermore keeps an incredibly detailed log of all attack attempts that contains more info than typical Apache logs, so you can later examine the data and take further measures to enhance the security of your Internet sites if needed.

ModSecurity in Shared Web Hosting

ModSecurity is offered with each and every shared web hosting solution that we provide and it is activated by default for every domain or subdomain that you add through your Hepsia Control Panel. In case it disrupts any of your applications or you would like to disable it for some reason, you shall be able to do this through the ModSecurity area of Hepsia with simply a mouse click. You can also use a passive mode, so the firewall will discover possible attacks and keep a log, but won't take any action. You can view detailed logs in the same section, including the IP where the attack originated from, what precisely the attacker aimed to do and at what time, what ModSecurity did, etc. For optimum security of our clients we use a collection of commercial firewall rules blended with custom ones which are added by our system administrators.

ModSecurity in Semi-dedicated Servers

All semi-dedicated server solutions that we offer feature ModSecurity and since the firewall is turned on by default, any website you build under a domain or a subdomain will be secured straight away. An individual section inside the Hepsia Control Panel that comes with the semi-dedicated accounts is dedicated to ModSecurity and it'll enable you to stop and start the firewall for any Internet site or enable a detection mode. With the last mentioned, ModSecurity shall not take any action, but it'll still identify possible attacks and will keep all information within a log as if it were fully active. The logs can be found within the exact same section of the Control Panel and they include information regarding the IP where an attack came from, what its nature was, what rule ModSecurity applies to recognize and stop it, etcetera. The security rules which we employ on our web servers are a mix between commercial ones from a security company and custom ones created by our system administrators. For that reason, we provide increased security for your web programs as we can shield them from attacks before security firms release updates for completely new threats.

ModSecurity in Dedicated Servers

ModSecurity is provided as standard with all dedicated servers that are set up with the Hepsia Control Panel and is set to “Active” automatically for any domain which you host or subdomain which you create on the web server. In case that a web application does not work properly, you may either switch off the firewall or set it to operate in passive mode. The second means that ModSecurity shall maintain a log of any potential attack that could take place, but will not take any action to stop it. The logs generated in passive or active mode shall present you with more details about the exact file that was attacked, the form of the attack and the IP address it originated from, etc. This information shall enable you to determine what actions you can take to improve the protection of your Internet sites, such as blocking IPs or performing script and plugin updates. The ModSecurity rules which we use are updated constantly with a commercial bundle from a third-party security enterprise we work with, but sometimes our administrators include their own rules too if they discover a new potential threat.