ModSecurity
Find out what ModSecurity is, how it operates and just what it will do to guard your websites and applications.
ModSecurity is a plugin for Apache web servers which functions as a web app layer firewall. It is used to stop attacks toward script-driven websites by employing security rules which contain certain expressions. That way, the firewall can block hacking and spamming attempts and preserve even Internet sites which aren't updated regularly. For instance, a number of unsuccessful login attempts to a script administrative area or attempts to execute a specific file with the purpose to get access to the script shall trigger particular rules, so ModSecurity shall block these activities the minute it detects them. The firewall is incredibly efficient as it screens the entire HTTP traffic to a site in real time without slowing it down, so it can stop an attack before any damage is done. It furthermore maintains an exceptionally detailed log of all attack attempts which includes more information than typical Apache logs, so you could later check out the data and take additional measures to improve the security of your websites if necessary.
-
ModSecurity in Hosting
We offer ModSecurity with all
hosting plans, so your web applications will be resistant to destructive attacks. The firewall is switched on as standard for all domains and subdomains, but in case you'd like, you'll be able to stop it via the respective part of your Hepsia CP. You could also activate a detection mode, so ModSecurity will keep a log as intended, but won't take any action. The logs that you shall discover in Hepsia are quite detailed and offer data about the nature of any attack, when it took place and from what IP address, the firewall rule that was triggered, and so on. We employ a range of commercial rules which are frequently updated, but sometimes our administrators add custom rules as well so as to efficiently protect the Internet sites hosted on our machines.
-
ModSecurity in Semi-dedicated Hosting
Any web app that you install inside your new
semi-dedicated hosting account will be protected by ModSecurity because the firewall is included with all our hosting packages and is turned on by default for any domain and subdomain you include or create using your Hepsia hosting Control Panel. You will be able to manage ModSecurity via a dedicated area within Hepsia where not only can you activate or deactivate it completely, but you can also switch on a passive mode, so the firewall shall not block anything, but it shall still maintain an archive of possible attacks. This requires simply a click and you shall be able to look at the logs regardless of if ModSecurity is in active or passive mode through the same section - what the attack was and where it originated from, how it was handled, and so on. The firewall uses two sets of rules on our machines - a commercial one which we get from a third-party web security company and a custom one which our admins update personally in order to respond to recently discovered risks as quickly as possible.
-
ModSecurity in VPS Hosting
Safety is essential to us, so we set up ModSecurity on all
virtual private servers which are set up with the Hepsia Control Panel by default. The firewall can be managed through a dedicated section within Hepsia and is switched on automatically when you include a new domain or generate a subdomain, so you will not need to do anything by hand. You'll also be able to disable it or turn on the so-called detection mode, so it will maintain a log of possible attacks which you can later study, but won't block them. The logs in both passive and active modes include details regarding the type of the attack and how it was eliminated, what IP address it originated from and other useful data which might help you to tighten the security of your Internet sites by updating them or blocking IPs, for instance. Besides the commercial rules that we get for ModSecurity from a third-party security firm, we also implement our own rules because from time to time we find specific attacks that are not yet present in the commercial pack. That way, we could improve the protection of your Virtual private server in a timely manner rather than waiting for an official update.
-
ModSecurity in Dedicated Web Hosting
When you decide to host your sites on a
dedicated server with the Hepsia CP, your web apps will be protected immediately because ModSecurity is supplied with all Hepsia-based packages. You will be able to manage the firewall with ease and if necessary, you will be able to turn it off or enable its passive mode when it'll only keep a log of what's going on without taking any action to stop potential attacks. The logs that you will find in the very same section of the CP are incredibly detailed and contain data about the attacker IP address, what website and file were attacked and in what ways, what rule the firewall used to prevent the intrusion, and so on. This info will allow you to take measures and enhance the protection of your sites even more. To be on the safe side, we employ not just commercial rules, but also custom-made ones which our admins add every time they recognize attacks that have not yet been included within the commercial pack.