ModSecurity is a plugin for Apache web servers that acts as a web app layer firewall. It is used to prevent attacks towards script-driven sites by using security rules that contain certain expressions. In this way, the firewall can block hacking and spamming attempts and protect even websites that are not updated often. For example, several unsuccessful login attempts to a script administrator area or attempts to execute a particular file with the objective to get access to the script will trigger certain rules, so ModSecurity will block these activities the minute it discovers them. The firewall is very efficient since it tracks the whole HTTP traffic to an Internet site in real time without slowing it down, so it can easily prevent an attack before any harm is done. It also keeps an exceptionally comprehensive log of all attack attempts that includes more info than standard Apache logs, so you could later analyze the data and take additional measures to enhance the security of your sites if needed.

ModSecurity in Cloud Hosting

ModSecurity is offered with every single cloud hosting plan which we provide and it is switched on by default for any domain or subdomain that you include through your Hepsia CP. If it disrupts any of your apps or you'd like to disable it for whatever reason, you will be able to achieve that through the ModSecurity section of Hepsia with only a click. You can also activate a passive mode, so the firewall will detect possible attacks and keep a log, but won't take any action. You can view detailed logs in the exact same section, including the IP where the attack came from, what precisely the attacker tried to do and at what time, what ModSecurity did, etc. For optimum security of our customers we use a collection of commercial firewall rules blended with custom ones that are added by our system admins.

ModSecurity in Semi-dedicated Servers

ModSecurity is a part of our semi-dedicated server solutions and if you choose to host your websites with our company, there will not be anything special you'll need to do as the firewall is switched on by default for all domains and subdomains which you include via your hosting Control Panel. If needed, you can disable ModSecurity for a particular website or activate the so-called detection mode in which case the firewall shall still operate and record information, but will not do anything to prevent possible attacks against your websites. Comprehensive logs will be accessible within your Control Panel and you will be able to see what sort of attacks happened, what security rules were triggered and how the firewall handled the threats, what IP addresses the attacks came from, etc. We use two sorts of rules on our servers - commercial ones from an organization which operates in the field of web security, and customized ones which our admins sometimes add to respond to newly discovered risks on time.

ModSecurity in Dedicated Servers

ModSecurity is provided by default with all dedicated servers which are set up with the Hepsia Control Panel and is set to “Active” automatically for any domain which you host or subdomain you create on the web server. In case that a web application doesn't function correctly, you may either turn off the firewall or set it to function in passive mode. The latter means that ModSecurity shall maintain a log of any possible attack that could happen, but shall not take any action to stop it. The logs produced in passive or active mode will give you additional details about the exact file that was attacked, the nature of the attack and the IP it came from, etc. This data will permit you to decide what steps you can take to increase the protection of your Internet sites, for instance blocking IPs or carrying out script and plugin updates. The ModSecurity rules that we employ are updated often with a commercial package from a third-party security company we work with, but sometimes our admins add their own rules too in the event that they identify a new potential threat.