ModSecurity is a plugin for Apache web servers which functions as a web app layer firewall. It's employed to prevent attacks against script-driven sites through the use of security rules that contain certain expressions. This way, the firewall can block hacking and spamming attempts and shield even websites that aren't updated regularly. As an example, multiple failed login attempts to a script administrative area or attempts to execute a particular file with the intention to get access to the script shall trigger specific rules, so ModSecurity shall block these activities the second it discovers them. The firewall is incredibly efficient since it tracks the whole HTTP traffic to a site in real time without slowing it down, so it could prevent an attack before any damage is done. It furthermore maintains a very thorough log of all attack attempts that contains more info than typical Apache logs, so you could later examine the data and take further measures to improve the security of your sites if needed.

ModSecurity in Web Hosting

ModSecurity comes by default with all web hosting plans which we offer and it shall be turned on automatically for any domain or subdomain that you add/create within your Hepsia hosting CP. The firewall has 3 different modes, so you could switch on and disable it with simply a mouse click or set it to detection mode, so it'll maintain a log of all attacks, but it will not do anything to prevent them. The log for any of your Internet sites will contain in-depth information which includes the nature of the attack, where it came from, what action was taken by ModSecurity, etcetera. The firewall rules which we use are frequently updated and consist of both commercial ones that we get from a third-party security company and custom ones that our system admins include in the event that they detect a new type of attacks. In this way, the websites you host here will be way more protected without any action needed on your end.