ModSecurity is a plugin for Apache web servers that acts as a web application layer firewall. It's employed to stop attacks toward script-driven sites by employing security rules that contain certain expressions. This way, the firewall can stop hacking and spamming attempts and shield even Internet sites which are not updated often. For example, several unsuccessful login attempts to a script administrator area or attempts to execute a certain file with the purpose to get access to the script will trigger specific rules, so ModSecurity will block these activities the moment it identifies them. The firewall is extremely efficient as it monitors the entire HTTP traffic to a site in real time without slowing it down, so it can prevent an attack before any damage is done. It also keeps an exceptionally thorough log of all attack attempts that includes more information than traditional Apache logs, so you can later check out the data and take extra measures to enhance the security of your Internet sites if necessary.

ModSecurity in Semi-dedicated Servers

We've incorporated ModSecurity as a standard in all semi-dedicated server plans, so your web applications shall be protected whenever you install them under any domain or subdomain. The Hepsia Control Panel that comes with the semi-dedicated accounts shall permit you to activate or turn off the firewall for any Internet site with a mouse click. You shall also be able to turn on a passive detection mode in which ModSecurity shall maintain a log of possible attacks without really preventing them. The thorough logs include the nature of the attack and what ModSecurity response that attack generated, where it came from, and so forth. The list of rules which we employ is frequently updated as to match any new threats that might appear on the Internet and it includes both commercial rules that we get from a security corporation and custom-written ones that our admins include in the event that they find a threat that is not present inside the commercial list yet.

ModSecurity in VPS Servers

Safety is extremely important to us, so we install ModSecurity on all VPS servers which are set up with the Hepsia Control Panel by default. The firewall could be managed through a dedicated section inside Hepsia and is turned on automatically when you include a new domain or generate a subdomain, so you won't have to do anything personally. You will also be able to deactivate it or switch on the so-called detection mode, so it will maintain a log of possible attacks that you can later examine, but shall not prevent them. The logs in both passive and active modes offer info regarding the form of the attack and how it was prevented, what IP address it originated from and other important data which might help you to tighten the security of your sites by updating them or blocking IPs, for example. On top of the commercial rules that we get for ModSecurity from a third-party security company, we also use our own rules because every now and then we discover specific attacks that aren't yet present in the commercial pack. This way, we could improve the protection of your VPS in a timely manner instead of awaiting a certified update.

ModSecurity in Dedicated Servers

ModSecurity is available by default with all dedicated servers which are set up with the Hepsia CP and is set to “Active” automatically for any domain you host or subdomain which you create on the hosting server. In the event that a web application does not function adequately, you may either turn off the firewall or set it to function in passive mode. The second means that ModSecurity will maintain a log of any possible attack which may take place, but will not take any action to prevent it. The logs produced in passive or active mode will offer you additional details about the exact file which was attacked, the nature of the attack and the IP it came from, and so on. This info will enable you to decide what actions you can take to improve the protection of your websites, including blocking IPs or performing script and plugin updates. The ModSecurity rules we employ are updated frequently with a commercial bundle from a third-party security firm we work with, but occasionally our staff include their own rules too if they come across a new potential threat.