ModSecurity is a plugin for Apache web servers which acts as a web app layer firewall. It is used to prevent attacks against script-driven Internet sites by employing security rules which contain specific expressions. That way, the firewall can block hacking and spamming attempts and preserve even Internet sites which are not updated frequently. For instance, a number of failed login attempts to a script administrator area or attempts to execute a certain file with the purpose to get access to the script shall trigger certain rules, so ModSecurity shall block out these activities the instant it detects them. The firewall is very efficient since it monitors the entire HTTP traffic to a site in real time without slowing it down, so it can easily stop an attack before any harm is done. It also maintains an incredibly thorough log of all attack attempts that includes more information than standard Apache logs, so you can later examine the data and take extra measures to increase the security of your Internet sites if required.

ModSecurity in Cloud Web Hosting

ModSecurity comes by default with all cloud web hosting plans which we supply and it'll be turned on automatically for any domain or subdomain you add/create in your Hepsia hosting Control Panel. The firewall has three different modes, so you'll be able to activate and deactivate it with just a click or set it to detection mode, so it'll maintain a log of all attacks, but it shall not do anything to prevent them. The log for any of your websites will feature detailed information including the nature of the attack, where it originated from, what action was taken by ModSecurity, and so on. The firewall rules we use are regularly updated and include both commercial ones we get from a third-party security firm and custom ones our system administrators include in case that they detect a new sort of attacks. This way, the sites which you host here will be way more secure with no action required on your end.

ModSecurity in Semi-dedicated Hosting

Any web app which you set up inside your new semi-dedicated hosting account will be protected by ModSecurity because the firewall is included with all our hosting plans and is activated by default for any domain and subdomain which you include or create through your Hepsia hosting Control Panel. You'll be able to manage ModSecurity through a dedicated section within Hepsia where not only could you activate or deactivate it fully, but you can also activate a passive mode, so the firewall shall not block anything, but it'll still keep a record of potential attacks. This normally requires just a click and you'll be able to look at the logs regardless if ModSecurity is in active or passive mode through the same section - what the attack was and where it came from, how it was addressed, etcetera. The firewall uses two sets of rules on our machines - a commercial one that we get from a third-party web security provider and a custom one which our admins update manually as to respond to newly discovered threats as soon as possible.