ModSecurity is a plugin for Apache web servers which acts as a web application layer firewall. It's used to prevent attacks toward script-driven Internet sites by using security rules that contain certain expressions. This way, the firewall can block hacking and spamming attempts and shield even Internet sites which are not updated on a regular basis. For instance, multiple unsuccessful login attempts to a script administrator area or attempts to execute a certain file with the purpose to get access to the script will trigger specific rules, so ModSecurity shall block out these activities the instant it detects them. The firewall is very efficient because it screens the whole HTTP traffic to a website in real time without slowing it down, so it can prevent an attack before any damage is done. It also maintains a very detailed log of all attack attempts which contains more info than traditional Apache logs, so you can later check out the data and take additional measures to boost the security of your websites if required.

ModSecurity in Shared Web Hosting

We offer ModSecurity with all shared web hosting packages, so your web applications will be shielded from destructive attacks. The firewall is activated by default for all domains and subdomains, but in case you'd like, you will be able to stop it through the respective area of your Hepsia Control Panel. You'll be able to also activate a detection mode, so ModSecurity shall keep a log as intended, but will not take any action. The logs which you will find within Hepsia are quite detailed and feature data about the nature of any attack, when it occurred and from what IP address, the firewall rule that was triggered, and so on. We employ a range of commercial rules that are regularly updated, but sometimes our admins include custom rules as well so as to better protect the Internet sites hosted on our servers.

ModSecurity in Semi-dedicated Hosting

We have integrated ModSecurity as a standard within all semi-dedicated hosting plans, so your web apps shall be protected the instant you install them under any domain or subdomain. The Hepsia CP which is included with the semi-dedicated accounts will allow you to enable or disable the firewall for any site with a mouse click. You'll also be able to activate a passive detection mode through which ModSecurity shall maintain a log of possible attacks without really stopping them. The detailed logs contain the nature of the attack and what ModSecurity response that attack caused, where it originated from, and so on. The list of rules that we employ is frequently updated as to match any new risks which could appear on the Internet and it features both commercial rules that we get from a security corporation and custom-written ones that our administrators add in case they discover a threat which is not present within the commercial list yet.