ModSecurity is a highly effective web application layer firewall for Apache web servers. It monitors the entire HTTP traffic to a website without affecting its functionality and in case it identifies an intrusion attempt, it prevents it. The firewall additionally keeps a more thorough log for the site visitors than any web server does, so you will be able to monitor what's going on with your sites better than if you rely simply on conventional logs. ModSecurity uses security rules based on which it stops attacks. For instance, it identifies whether anyone is trying to log in to the administrator area of a certain script a number of times or if a request is sent to execute a file with a particular command. In such instances these attempts set off the corresponding rules and the software blocks the attempts immediately, then records in-depth information about them within its logs. ModSecurity is among the very best software firewalls on the market and it could easily protect your web applications against a huge number of threats and vulnerabilities, especially if you don’t update them or their plugins often.

ModSecurity in Shared Hosting

ModSecurity comes by default with all shared hosting solutions which we provide and it shall be activated automatically for any domain or subdomain that you add/create within your Hepsia hosting CP. The firewall has 3 different modes, so you'll be able to activate and deactivate it with a click or set it to detection mode, so it shall maintain a log of all attacks, but it will not do anything to prevent them. The log for any of your Internet sites shall include elaborate info including the nature of the attack, where it came from, what action was taken by ModSecurity, and so forth. The firewall rules we use are constantly updated and incorporate both commercial ones that we get from a third-party security firm and custom ones that our system admins include in case that they detect a new type of attacks. That way, the Internet sites which you host here shall be a lot more secure with no action needed on your end.

ModSecurity in Semi-dedicated Hosting

We've included ModSecurity by default inside all semi-dedicated hosting packages, so your web applications will be protected the instant you install them under any domain or subdomain. The Hepsia CP that is included with the semi-dedicated accounts will permit you to switch on or disable the firewall for any Internet site with a mouse click. You shall also have the ability to switch on a passive detection mode in which ModSecurity shall keep a log of potential attacks without really stopping them. The thorough logs include things like the nature of the attack and what ModSecurity response that attack activated, where it came from, and so forth. The list of rules which we use is constantly updated in order to match any new threats which may appear on the Internet and it includes both commercial rules that we get from a security corporation and custom-written ones which our admins include if they find a threat that's not present inside the commercial list yet.

ModSecurity in VPS Web Hosting

Security is essential to us, so we set up ModSecurity on all virtual private servers that are made available with the Hepsia Control Panel by default. The firewall could be managed via a dedicated section inside Hepsia and is turned on automatically when you add a new domain or create a subdomain, so you won't have to do anything by hand. You'll also be able to disable it or switch on the so-called detection mode, so it shall maintain a log of potential attacks you can later examine, but won't prevent them. The logs in both passive and active modes contain info about the form of the attack and how it was eliminated, what IP address it originated from and other valuable data that could help you to tighten the security of your websites by updating them or blocking IPs, as an example. Beyond the commercial rules that we get for ModSecurity from a third-party security company, we also implement our own rules as from time to time we detect specific attacks that aren't yet present within the commercial group. That way, we can easily improve the protection of your Virtual private server promptly instead of waiting for an official update.

ModSecurity in Dedicated Servers Hosting

ModSecurity is available by default with all dedicated servers which are set up with the Hepsia Control Panel and is set to “Active” automatically for any domain which you host or subdomain you create on the hosting server. In case that a web application does not operate adequately, you can either turn off the firewall or set it to work in passive mode. The latter means that ModSecurity shall maintain a log of any potential attack that may take place, but shall not take any action to stop it. The logs produced in passive or active mode will present you with more details about the exact file which was attacked, the type of the attack and the IP address it came from, etcetera. This info will enable you to determine what steps you can take to enhance the security of your sites, such as blocking IPs or performing script and plugin updates. The ModSecurity rules that we employ are updated frequently with a commercial pack from a third-party security provider we work with, but occasionally our staff include their own rules as well if they come across a new potential threat.