ModSecurity is a plugin for Apache web servers which acts as a web application layer firewall. It is employed to stop attacks towards script-driven Internet sites through the use of security rules that contain certain expressions. That way, the firewall can block hacking and spamming attempts and protect even Internet sites that are not updated regularly. For example, several unsuccessful login attempts to a script administrative area or attempts to execute a specific file with the intention to get access to the script shall trigger certain rules, so ModSecurity shall block out these activities the moment it detects them. The firewall is quite efficient since it tracks the whole HTTP traffic to an Internet site in real time without slowing it down, so it can prevent an attack before any harm is done. It additionally maintains an incredibly detailed log of all attack attempts which features more information than standard Apache logs, so you can later analyze the data and take extra measures to improve the security of your Internet sites if necessary.
ModSecurity in Website Hosting
We offer ModSecurity with all website hosting plans, so your web applications shall be resistant to destructive attacks. The firewall is activated as standard for all domains and subdomains, but if you would like, you shall be able to stop it using the respective area of your Hepsia Control Panel. You'll be able to also activate a detection mode, so ModSecurity will keep a log as intended, but won't take any action. The logs which you'll discover inside Hepsia are extremely detailed and feature information about the nature of any attack, when it transpired and from what IP, the firewall rule that was triggered, etc. We employ a group of commercial rules that are frequently updated, but sometimes our admins add custom rules as well so as to better protect the sites hosted on our servers.
ModSecurity in Semi-dedicated Hosting
We have integrated ModSecurity by default inside all semi-dedicated hosting plans, so your web applications will be protected the instant you set them up under any domain or subdomain. The Hepsia CP that is included with the semi-dedicated accounts will allow you to enable or turn off the firewall for any website with a mouse click. You will also be able to switch on a passive detection mode with which ModSecurity will keep a log of possible attacks without actually preventing them. The detailed logs include the nature of the attack and what ModSecurity response that attack initiated, where it came from, etc. The list of rules that we employ is constantly updated in order to match any new risks which may appear on the Internet and it consists of both commercial rules that we get from a security corporation and custom-written ones that our admins include if they discover a threat that is not present within the commercial list yet.
ModSecurity in VPS Hosting
All virtual private servers that are provided with the Hepsia CP feature ModSecurity. The firewall is set up and turned on by default for all domains which are hosted on the web server, so there shall not be anything special which you'll have to do to protect your sites. It will take you only a click to stop ModSecurity if necessary or to activate its passive mode so that it records what goes on without taking any steps to stop intrusions. You shall be able to see the logs created in active or passive mode through the corresponding section of Hepsia and learn more about the type of the attack, where it came from, what rule the firewall used to tackle it, etcetera. We use a mixture of commercial and custom rules so as to ensure that ModSecurity shall block out as many risks as possible, consequently enhancing the security of your web applications as much as possible.
ModSecurity in Dedicated Web Hosting
If you opt to host your Internet sites on a dedicated server with the Hepsia CP, your web applications shall be secured right away because ModSecurity is provided with all Hepsia-based packages. You shall be able to regulate the firewall easily and if required, you shall be able to turn it off or activate its passive mode when it shall only maintain a log of what is occurring without taking any action to stop possible attacks. The logs which you can find within the exact same section of the CP are really detailed and include information about the attacker IP, what site and file were attacked and in what way, what rule the firewall employed to stop the intrusion, etc. This information shall enable you to take measures and boost the protection of your websites even more. To be on the safe side, we employ not just commercial rules, but also custom-made ones that our admins include whenever they recognize attacks which haven't yet been included in the commercial pack.