ModSecurity is a plugin for Apache web servers which acts as a web app layer firewall. It is employed to stop attacks toward script-driven websites by employing security rules which contain specific expressions. That way, the firewall can prevent hacking and spamming attempts and protect even Internet sites that are not updated frequently. For example, multiple failed login attempts to a script administrator area or attempts to execute a certain file with the intention to get access to the script shall trigger particular rules, so ModSecurity shall block out these activities the second it detects them. The firewall is quite efficient as it screens the whole HTTP traffic to a website in real time without slowing it down, so it can stop an attack before any damage is done. It also maintains an incredibly detailed log of all attack attempts which contains more info than traditional Apache logs, so you can later check out the data and take additional measures to boost the security of your websites if required.

ModSecurity in Cloud Hosting

ModSecurity is available with every cloud hosting solution which we offer and it's switched on by default for every domain or subdomain which you include via your Hepsia CP. If it disrupts any of your programs or you'd like to disable it for some reason, you shall be able to achieve that through the ModSecurity area of Hepsia with merely a click. You may also activate a passive mode, so the firewall will detect possible attacks and keep a log, but will not take any action. You can view extensive logs in the same section, including the IP where the attack came from, exactly what the attacker aimed to do and at what time, what ModSecurity did, and so on. For max protection of our customers we use a group of commercial firewall rules combined with custom ones which are provided by our system admins.

ModSecurity in Dedicated Web Hosting

ModSecurity is offered by default with all dedicated servers that are set up with the Hepsia Control Panel and is set to “Active” automatically for any domain that you host or subdomain you create on the hosting server. In case that a web application doesn't function adequately, you may either turn off the firewall or set it to work in passive mode. The latter means that ModSecurity will maintain a log of any potential attack that could happen, but won't take any action to stop it. The logs created in active or passive mode shall give you more details about the exact file that was attacked, the type of the attack and the IP it originated from, etc. This data will enable you to determine what measures you can take to boost the safety of your websites, such as blocking IPs or performing script and plugin updates. The ModSecurity rules which we employ are updated regularly with a commercial pack from a third-party security enterprise we work with, but sometimes our administrators add their own rules also in the event that they find a new potential threat.