ModSecurity is a plugin for Apache web servers which functions as a web application layer firewall. It is employed to prevent attacks against script-driven websites by using security rules that contain certain expressions. In this way, the firewall can prevent hacking and spamming attempts and protect even websites which are not updated often. As an example, numerous unsuccessful login attempts to a script administrator area or attempts to execute a certain file with the purpose to get access to the script will trigger certain rules, so ModSecurity will stop these activities the moment it discovers them. The firewall is incredibly efficient because it monitors the entire HTTP traffic to an Internet site in real time without slowing it down, so it can stop an attack before any harm is done. It furthermore maintains an incredibly thorough log of all attack attempts that contains more information than standard Apache logs, so you can later examine the data and take additional measures to increase the security of your sites if required.
ModSecurity in Shared Hosting
We provide ModSecurity with all shared hosting plans, so your web applications will be resistant to destructive attacks. The firewall is switched on as standard for all domains and subdomains, but if you would like, you'll be able to stop it using the respective part of your Hepsia CP. You could also switch on a detection mode, so ModSecurity shall keep a log as intended, but won't take any action. The logs which you'll find in Hepsia are quite detailed and offer info about the nature of any attack, when it happened and from what IP, the firewall rule which was triggered, and so forth. We use a range of commercial rules which are often updated, but sometimes our admins include custom rules as well in order to better protect the sites hosted on our machines.
ModSecurity in Semi-dedicated Hosting
All semi-dedicated hosting solutions which we offer include ModSecurity and given that the firewall is switched on by default, any Internet site that you set up under a domain or a subdomain will be secured straight away. An individual section inside the Hepsia CP which comes with the semi-dedicated accounts is devoted to ModSecurity and it'll allow you to start and stop the firewall for any Internet site or switch on a detection mode. With the last option, ModSecurity won't take any action, but it shall still detect possible attacks and will keep all data in a log as if it were fully active. The logs can be found in the very same section of the Control Panel and they include information regarding the IP where an attack originated from, what its nature was, what rule ModSecurity applies to recognize and stop it, etcetera. The security rules we employ on our web servers are a mix between commercial ones from a security company and custom ones made by our system admins. For that reason, we offer increased security for your web apps as we can defend them from attacks even before security corporations release updates for new threats.
ModSecurity in VPS Web Hosting
ModSecurity is pre-installed on all virtual private servers that are provided with the Hepsia hosting CP, so your web programs shall be protected from the second your server is in a position. The firewall is turned on by default for any domain or subdomain on the VPS, but if needed, you'll be able to disable it with a click of your mouse from the corresponding section of Hepsia. You may also set it to function in detection mode, so it will keep a detailed log of any possible attacks without taking any action to prevent them. The logs can be found inside the same section and provide info about the nature of the attack, what IP address it originated from and what ModSecurity rule was initiated to stop it. For maximum security, we employ not simply commercial rules from a business operating in the field of web security, but also custom ones that our administrators add manually so as to respond to new threats which are still not tackled in the commercial rules.
ModSecurity in Dedicated Servers Hosting
If you opt to host your sites on a dedicated server with the Hepsia CP, your web applications shall be secured right from the start since ModSecurity is supplied with all Hepsia-based packages. You will be able to control the firewall easily and if needed, you will be able to turn it off or activate its passive mode when it'll only keep a log of what's going on without taking any action to prevent potential attacks. The logs that you can find in the very same section of the CP are very detailed and feature information about the attacker IP address, what site and file were attacked and in what way, what rule the firewall used to prevent the intrusion, etc. This data will enable you to take measures and boost the protection of your Internet sites even more. To be on the safe side, we employ not just commercial rules, but also custom-made ones which our admins include when they identify attacks which have not yet been included inside the commercial pack.