ModSecurity is a plugin for Apache web servers that functions as a web app layer firewall. It's used to stop attacks toward script-driven Internet sites through the use of security rules that contain particular expressions. In this way, the firewall can block hacking and spamming attempts and protect even sites that are not updated regularly. As an example, numerous unsuccessful login attempts to a script admin area or attempts to execute a certain file with the intention to get access to the script will trigger specific rules, so ModSecurity shall block these activities the minute it discovers them. The firewall is extremely efficient since it monitors the whole HTTP traffic to a website in real time without slowing it down, so it can stop an attack before any harm is done. It also keeps a very detailed log of all attack attempts that includes more info than conventional Apache logs, so you can later analyze the data and take further measures to enhance the security of your Internet sites if needed.
ModSecurity in Shared Hosting
ModSecurity is supplied with all shared hosting
machines, so if you decide to host your Internet sites with our organization, they will be protected against an array of attacks. The firewall is enabled as standard for all domains and subdomains, so there will be nothing you shall need to do on your end. You will be able to stop ModSecurity for any Internet site if needed, or to switch on a detection mode, so that all activity will be recorded, but the firewall shall not take any real action. You will be able to view detailed logs from your Hepsia Control Panel including the IP address where the attack came from, what the attacker wanted to do and how ModSecurity addressed the threat. Since we take the protection of our customers' Internet sites seriously, we use a selection of commercial rules that we get from one of the best companies which maintain such rules. Our administrators also add custom rules to ensure that your Internet sites shall be protected against as many risks as possible.
ModSecurity in Semi-dedicated Hosting
We've integrated ModSecurity as a standard inside all semi-dedicated hosting
packages, so your web applications will be protected whenever you set them up under any domain or subdomain. The Hepsia CP which comes with the semi-dedicated accounts shall allow you to enable or disable the firewall for any website with a mouse click. You shall also have the ability to switch on a passive detection mode through which ModSecurity shall maintain a log of potential attacks without really stopping them. The comprehensive logs include the nature of the attack and what ModSecurity response this attack initiated, where it originated from, etcetera. The list of rules which we employ is regularly updated as to match any new threats which could appear on the Internet and it comes with both commercial rules that we get from a security firm and custom-written ones that our admins add in the event that they find a threat that's not present inside the commercial list yet.
ModSecurity in VPS Web Hosting
Protection is very important to us, so we set up ModSecurity on all virtual private servers
that are made available with the Hepsia CP as a standard. The firewall could be managed through a dedicated section in Hepsia and is switched on automatically when you include a new domain or create a subdomain, so you will not have to do anything by hand. You shall also be able to disable it or activate the so-called detection mode, so it will keep a log of potential attacks you can later study, but won't stop them. The logs in both passive and active modes contain information about the type of the attack and how it was stopped, what IP address it came from and other important info that may help you to tighten the security of your Internet sites by updating them or blocking IPs, as an example. In addition to the commercial rules we get for ModSecurity from a third-party security company, we also use our own rules since occasionally we discover specific attacks which aren't yet present within the commercial group. This way, we can enhance the protection of your VPS instantly rather than awaiting an official update.
ModSecurity in Dedicated Servers Hosting
All of our dedicated servers
that are set up with the Hepsia hosting CP come with ModSecurity, so any application that you upload or set up shall be protected from the very beginning and you won't have to stress about common attacks or vulnerabilities. An independent section within Hepsia will permit you to start or stop the firewall for each domain or subdomain, or switch on a detection mode so that it records information about intrusions, but does not take actions to prevent them. What you'll discover in the logs can allow you to to secure your sites better - the IP an attack originated from, what website was attacked as well as how, what ModSecurity rule was triggered, and so on. With this data, you'll be able to see whether a website needs an update, if you ought to block IPs from accessing your hosting server, and so forth. Aside from the third-party commercial security rules for ModSecurity that we use, our admins include custom ones too whenever they discover a new threat that is not yet a part of the commercial bundle.