ModSecurity is a plugin for Apache web servers which acts as a web app layer firewall. It's used to stop attacks toward script-driven sites through the use of security rules that contain certain expressions. That way, the firewall can stop hacking and spamming attempts and shield even Internet sites that aren't updated regularly. For instance, multiple unsuccessful login attempts to a script administrative area or attempts to execute a certain file with the purpose to get access to the script will trigger specific rules, so ModSecurity shall stop these activities the instant it detects them. The firewall is extremely efficient since it monitors the whole HTTP traffic to a website in real time without slowing it down, so it can stop an attack before any harm is done. It also keeps an incredibly comprehensive log of all attack attempts that includes more info than traditional Apache logs, so you could later examine the data and take extra measures to boost the security of your Internet sites if required.

ModSecurity in Shared Hosting

ModSecurity comes by default with all shared hosting plans that we offer and it shall be activated automatically for any domain or subdomain which you add/create within your Hepsia hosting Control Panel. The firewall has three different modes, so you'll be able to activate and deactivate it with a mouse click or set it to detection mode, so it shall maintain a log of all attacks, but it shall not do anything to prevent them. The log for each of your Internet sites shall feature detailed information which includes the nature of the attack, where it came from, what action was taken by ModSecurity, etcetera. The firewall rules which we use are regularly updated and consist of both commercial ones that we get from a third-party security company and custom ones that our system administrators include in case that they detect a new type of attacks. In this way, the websites that you host here will be a lot more secure with no action required on your end.

ModSecurity in Dedicated Servers

ModSecurity is offered as standard with all dedicated servers that are set up with the Hepsia Control Panel and is set to “Active” automatically for any domain you host or subdomain you create on the web server. In case that a web application doesn't operate correctly, you could either turn off the firewall or set it to operate in passive mode. The latter means that ModSecurity shall keep a log of any potential attack which could happen, but won't take any action to prevent it. The logs produced in active or passive mode shall provide you with additional details about the exact file which was attacked, the form of the attack and the IP address it originated from, and so forth. This data shall permit you to decide what actions you can take to boost the security of your websites, for instance blocking IPs or performing script and plugin updates. The ModSecurity rules that we employ are updated regularly with a commercial pack from a third-party security provider we work with, but oftentimes our administrators include their own rules too if they identify a new potential threat.