ModSecurity is a plugin for Apache web servers which functions as a web app layer firewall. It's used to stop attacks against script-driven sites by employing security rules that contain particular expressions. That way, the firewall can block hacking and spamming attempts and protect even websites that aren't updated on a regular basis. For example, multiple failed login attempts to a script administrator area or attempts to execute a certain file with the objective to get access to the script shall trigger particular rules, so ModSecurity will block out these activities the minute it identifies them. The firewall is quite efficient since it screens the whole HTTP traffic to a site in real time without slowing it down, so it can stop an attack before any harm is done. It furthermore maintains an incredibly comprehensive log of all attack attempts that contains more info than standard Apache logs, so you could later examine the data and take further measures to boost the security of your Internet sites if needed.

ModSecurity in Cloud Web Hosting

ModSecurity is available with every single cloud web hosting plan that we offer and it's switched on by default for every domain or subdomain that you include through your Hepsia CP. If it disrupts any of your apps or you would like to disable it for some reason, you shall be able to achieve that through the ModSecurity section of Hepsia with simply a mouse click. You may also activate a passive mode, so the firewall will recognize possible attacks and maintain a log, but shall not take any action. You can see detailed logs in the very same section, including the IP where the attack originated from, what precisely the attacker aimed to do and at what time, what ModSecurity did, etcetera. For max safety of our customers we use a set of commercial firewall rules combined with custom ones which are provided by our system admins.

ModSecurity in Semi-dedicated Servers

Any web app you install in your new semi-dedicated server account will be protected by ModSecurity since the firewall is included with all our hosting solutions and is activated by default for any domain and subdomain which you include or create via your Hepsia hosting CP. You shall be able to manage ModSecurity via a dedicated area in Hepsia where not only could you activate or deactivate it fully, but you could also enable a passive mode, so the firewall won't stop anything, but it will still keep a record of potential attacks. This requires just a mouse click and you'll be able to view the logs regardless if ModSecurity is in passive or active mode through the same section - what the attack was and where it came from, how it was addressed, etcetera. The firewall uses 2 groups of rules on our machines - a commercial one that we get from a third-party web security firm and a custom one which our administrators update personally as to respond to recently discovered risks at the earliest opportunity.

ModSecurity in VPS Servers

Protection is essential to us, so we set up ModSecurity on all VPS servers that are set up with the Hepsia CP by default. The firewall could be managed through a dedicated section inside Hepsia and is turned on automatically when you add a new domain or create a subdomain, so you won't need to do anything manually. You will also be able to deactivate it or activate the so-called detection mode, so it'll maintain a log of potential attacks you can later study, but won't block them. The logs in both passive and active modes offer information about the form of the attack and how it was prevented, what IP it came from and other important information which could help you to tighten the security of your Internet sites by updating them or blocking IPs, as an example. In addition to the commercial rules we get for ModSecurity from a third-party security enterprise, we also employ our own rules as once in a while we find specific attacks that aren't yet present within the commercial pack. This way, we could increase the security of your Virtual private server instantly as opposed to awaiting a certified update.

ModSecurity in Dedicated Servers

ModSecurity is provided by default with all dedicated servers that are set up with the Hepsia CP and is set to “Active” automatically for any domain which you host or subdomain you create on the web server. Just in case that a web app does not function adequately, you can either disable the firewall or set it to operate in passive mode. The latter means that ModSecurity will keep a log of any potential attack that could take place, but shall not take any action to prevent it. The logs created in passive or active mode will provide you with additional details about the exact file that was attacked, the type of the attack and the IP address it originated from, etc. This data shall permit you to decide what steps you can take to increase the safety of your sites, such as blocking IPs or performing script and plugin updates. The ModSecurity rules that we employ are updated regularly with a commercial pack from a third-party security provider we work with, but occasionally our admins add their own rules also if they find a new potential threat.