ModSecurity is a plugin for Apache web servers which acts as a web app layer firewall. It's used to prevent attacks towards script-driven sites by using security rules that contain specific expressions. This way, the firewall can prevent hacking and spamming attempts and shield even websites that are not updated often. As an example, a number of unsuccessful login attempts to a script administrator area or attempts to execute a particular file with the intention to get access to the script shall trigger specific rules, so ModSecurity shall block these activities the moment it identifies them. The firewall is very efficient since it tracks the entire HTTP traffic to a site in real time without slowing it down, so it can easily prevent an attack before any damage is done. It also maintains an exceptionally comprehensive log of all attack attempts that contains more information than traditional Apache logs, so you could later check out the data and take extra measures to improve the security of your sites if necessary.

ModSecurity in Website Hosting

ModSecurity is available with each website hosting package that we provide and it's activated by default for every domain or subdomain which you add through your Hepsia Control Panel. If it disrupts any of your programs or you would like to disable it for whatever reason, you shall be able to achieve that through the ModSecurity section of Hepsia with only a mouse click. You may also activate a passive mode, so the firewall will identify potential attacks and keep a log, but shall not take any action. You can view extensive logs in the very same section, including the IP where the attack originated from, exactly what the attacker attempted to do and at what time, what ModSecurity did, etcetera. For max protection of our customers we use a set of commercial firewall rules combined with custom ones that are added by our system administrators.

ModSecurity in Semi-dedicated Servers

Any web program which you set up within your new semi-dedicated server account will be protected by ModSecurity as the firewall is provided with all our hosting packages and is turned on by default for any domain and subdomain which you add or create via your Hepsia hosting CP. You will be able to manage ModSecurity through a dedicated section inside Hepsia where not only can you activate or deactivate it completely, but you may also enable a passive mode, so the firewall will not stop anything, but it shall still keep an archive of possible attacks. This requires simply a click and you will be able to look at the logs regardless if ModSecurity is in active or passive mode through the same section - what the attack was and where it originated from, how it was dealt with, etcetera. The firewall uses two groups of rules on our web servers - a commercial one which we get from a third-party web security company and a custom one which our administrators update manually in order to respond to newly discovered risks as quickly as possible.

ModSecurity in VPS Servers

All VPS servers which are offered with the Hepsia Control Panel come with ModSecurity. The firewall is installed and activated by default for all domains which are hosted on the web server, so there will not be anything special that you'll have to do to protect your websites. It will take you simply a mouse click to stop ModSecurity if needed or to switch on its passive mode so that it records what goes on without taking any actions to prevent intrusions. You shall be able to view the logs produced in passive or active mode from the corresponding section of Hepsia and find out more about the type of the attack, where it came from, what rule the firewall employed to take care of it, and so forth. We employ a mix of commercial and custom rules so as to make sure that ModSecurity shall block out as many risks as possible, therefore boosting the protection of your web applications as much as possible.

ModSecurity in Dedicated Servers

ModSecurity is included with all dedicated servers that are integrated with our Hepsia CP and you'll not need to do anything specific on your end to employ it because it's turned on by default whenever you include a new domain or subdomain on your hosting server. In case it disrupts some of your applications, you shall be able to stop it through the respective part of Hepsia, or you can leave it working in passive mode, so it will identify attacks and will still keep a log for them, but shall not block them. You may look at the logs later to find out what you can do to increase the protection of your sites as you'll find information such as where an intrusion attempt came from, what site was attacked and in accordance with what rule ModSecurity reacted, etcetera. The rules we use are commercial, hence they are frequently updated by a security firm, but to be on the safe side, our admins also add custom rules from time to time as to react to any new threats they have identified.