ModSecurity is a plugin for Apache web servers that functions as a web app layer firewall. It is used to stop attacks against script-driven websites through the use of security rules which contain particular expressions. That way, the firewall can prevent hacking and spamming attempts and preserve even Internet sites that are not updated frequently. For example, numerous failed login attempts to a script admin area or attempts to execute a particular file with the objective to get access to the script will trigger specific rules, so ModSecurity will block these activities the minute it identifies them. The firewall is incredibly efficient since it monitors the whole HTTP traffic to a website in real time without slowing it down, so it can stop an attack before any damage is done. It furthermore maintains a very detailed log of all attack attempts that contains more information than conventional Apache logs, so you can later examine the data and take additional measures to increase the security of your Internet sites if required.

ModSecurity in Cloud Web Hosting

We provide ModSecurity with all cloud web hosting packages, so your web apps will be resistant to destructive attacks. The firewall is turned on as standard for all domains and subdomains, but in case you'd like, you'll be able to stop it using the respective part of your Hepsia CP. You'll be able to also switch on a detection mode, so ModSecurity will keep a log as intended, but won't take any action. The logs which you shall find within Hepsia are incredibly detailed and include information about the nature of any attack, when it occurred and from what IP, the firewall rule that was triggered, and so on. We use a range of commercial rules that are frequently updated, but sometimes our admins include custom rules as well in order to better protect the sites hosted on our servers.

ModSecurity in Dedicated Servers

ModSecurity is provided by default with all dedicated servers that are set up with the Hepsia CP and is set to “Active” automatically for any domain you host or subdomain that you create on the hosting server. In the event that a web application does not work properly, you could either switch off the firewall or set it to operate in passive mode. The second means that ModSecurity shall keep a log of any potential attack that could occur, but will not take any action to prevent it. The logs generated in active or passive mode shall provide you with additional details about the exact file that was attacked, the nature of the attack and the IP address it originated from, etcetera. This data shall allow you to decide what measures you can take to improve the protection of your Internet sites, including blocking IPs or performing script and plugin updates. The ModSecurity rules which we employ are updated frequently with a commercial bundle from a third-party security company we work with, but from time to time our staff include their own rules as well when they identify a new potential threat.