ModSecurity is a plugin for Apache web servers which functions as a web app layer firewall. It is used to prevent attacks toward script-driven websites through the use of security rules that contain particular expressions. In this way, the firewall can prevent hacking and spamming attempts and preserve even websites that are not updated frequently. As an example, several failed login attempts to a script administrator area or attempts to execute a particular file with the intention to get access to the script shall trigger particular rules, so ModSecurity will stop these activities the instant it identifies them. The firewall is extremely efficient as it monitors the whole HTTP traffic to a website in real time without slowing it down, so it can stop an attack before any damage is done. It additionally keeps a very comprehensive log of all attack attempts that includes more info than typical Apache logs, so you could later analyze the data and take additional measures to enhance the security of your Internet sites if required.

ModSecurity in Web Hosting

ModSecurity can be found with each web hosting package which we provide and it's turned on by default for every domain or subdomain which you include via your Hepsia CP. In the event that it disrupts any of your programs or you'd like to disable it for some reason, you will be able to do this through the ModSecurity area of Hepsia with only a click. You could also use a passive mode, so the firewall will discover possible attacks and keep a log, but won't take any action. You could view extensive logs in the same section, including the IP where the attack originated from, exactly what the attacker aimed to do and at what time, what ModSecurity did, and so forth. For max protection of our clients we use a set of commercial firewall rules blended with custom ones which are provided by our system administrators.

ModSecurity in Semi-dedicated Servers

ModSecurity is part of our semi-dedicated server solutions and if you choose to host your sites with us, there will not be anything special you'll have to do as the firewall is activated by default for all domains and subdomains which you include via your hosting CP. If required, you can disable ModSecurity for a particular website or activate the so-called detection mode in which case the firewall shall still function and record info, but will not do anything to stop possible attacks against your websites. In depth logs will be readily available in your Control Panel and you will be able to see which kind of attacks took place, what security rules were triggered and how the firewall handled the threats, what IP addresses the attacks originated from, and so forth. We use two sorts of rules on our servers - commercial ones from a business that operates in the field of web security, and custom ones that our administrators occasionally add to respond to newly discovered risks on time.

ModSecurity in Dedicated Servers

ModSecurity is available as standard with all dedicated servers which are set up with the Hepsia Control Panel and is set to “Active” automatically for any domain you host or subdomain that you create on the web server. In the event that a web application does not function properly, you may either disable the firewall or set it to function in passive mode. The second means that ModSecurity shall maintain a log of any potential attack that might occur, but will not take any action to prevent it. The logs generated in passive or active mode shall provide you with more details about the exact file which was attacked, the form of the attack and the IP it came from, and so on. This info will allow you to determine what measures you can take to improve the security of your sites, for instance blocking IPs or performing script and plugin updates. The ModSecurity rules which we use are updated constantly with a commercial pack from a third-party security firm we work with, but oftentimes our staff include their own rules too if they identify a new potential threat.