ModSecurity is a plugin for Apache web servers which acts as a web application layer firewall. It's employed to stop attacks towards script-driven sites through the use of security rules which contain certain expressions. This way, the firewall can prevent hacking and spamming attempts and preserve even sites which aren't updated frequently. As an example, a number of failed login attempts to a script admin area or attempts to execute a certain file with the intention to get access to the script shall trigger certain rules, so ModSecurity shall stop these activities the moment it detects them. The firewall is incredibly efficient as it tracks the entire HTTP traffic to a website in real time without slowing it down, so it will be able to stop an attack before any damage is done. It also maintains an exceptionally comprehensive log of all attack attempts which features more information than conventional Apache logs, so you could later check out the data and take extra measures to improve the security of your Internet sites if necessary.

ModSecurity in Shared Website Hosting

ModSecurity comes by default with all shared website hosting solutions which we offer and it shall be switched on automatically for any domain or subdomain that you add/create inside your Hepsia hosting Control Panel. The firewall has three different modes, so you could activate and deactivate it with just a mouse click or set it to detection mode, so it'll maintain a log of all attacks, but it will not do anything to stop them. The log for each of your Internet sites will feature elaborate info including the nature of the attack, where it came from, what action was taken by ModSecurity, etcetera. The firewall rules which we use are regularly updated and incorporate both commercial ones which we get from a third-party security business and custom ones that our system admins include in the event that they detect a new sort of attacks. This way, the websites which you host here will be far more secure without any action required on your end.

ModSecurity in Semi-dedicated Hosting

ModSecurity is a part of our semi-dedicated hosting plans and if you opt to host your sites with our company, there will not be anything special you'll need to do given that the firewall is activated by default for all domains and subdomains which you add via your hosting Control Panel. If necessary, you'll be able to disable ModSecurity for a given website or turn on the so-called detection mode in which case the firewall shall still work and record data, but will not do anything to stop possible attacks on your Internet sites. Thorough logs will be available within your Control Panel and you will be able to see what sort of attacks happened, what security rules were triggered and how the firewall handled the threats, what Internet protocol addresses the attacks came from, etcetera. We employ 2 sorts of rules on our servers - commercial ones from a company which operates in the field of web security, and customized ones which our administrators occasionally add to respond to newly identified risks in a timely manner.

ModSecurity in Dedicated Web Hosting

If you opt to host your sites on a dedicated server with the Hepsia Control Panel, your web apps will be protected right from the start because ModSecurity is provided with all Hepsia-based solutions. You shall be able to control the firewall without difficulty and if necessary, you'll be able to turn it off or switch on its passive mode when it'll only maintain a log of what's occurring without taking any action to prevent potential attacks. The logs that you can find within the exact same section of the Control Panel are extremely detailed and contain data about the attacker IP address, what website and file were attacked and in what way, what rule the firewall employed to stop the intrusion, and so on. This info will enable you to take measures and increase the security of your sites even more. To be on the safe side, we employ not just commercial rules, but also custom-made ones which our staff include every time they recognize attacks that haven't yet been included inside the commercial pack.