ModSecurity is a powerful web application layer firewall for Apache web servers. It monitors the whole HTTP traffic to a website without affecting its operation and if it discovers an intrusion attempt, it prevents it. The firewall additionally keeps a more thorough log for the website visitors than any web server does, so you shall manage to keep an eye on what is going on with your sites better than if you rely merely on standard logs. ModSecurity works with security rules based on which it stops attacks. For instance, it recognizes whether somebody is trying to log in to the administration area of a particular script multiple times or if a request is sent to execute a file with a particular command. In such circumstances these attempts set off the corresponding rules and the firewall hinders the attempts instantly, then records detailed information about them inside its logs. ModSecurity is among the most effective software firewalls on the market and it could easily protect your web apps against a huge number of threats and vulnerabilities, particularly if you don’t update them or their plugins frequently.

ModSecurity in Shared Hosting

ModSecurity is available with each shared hosting package that we offer and it's turned on by default for any domain or subdomain that you include via your Hepsia Control Panel. In case it disrupts any of your applications or you would like to disable it for some reason, you'll be able to do that through the ModSecurity area of Hepsia with merely a mouse click. You could also use a passive mode, so the firewall will detect potential attacks and maintain a log, but shall not take any action. You could view detailed logs in the very same section, including the IP where the attack originated from, exactly what the attacker aimed to do and at what time, what ModSecurity did, and so forth. For max protection of our clients we use a set of commercial firewall rules blended with custom ones which are provided by our system admins.

ModSecurity in Semi-dedicated Hosting

All semi-dedicated hosting packages that we offer include ModSecurity and given that the firewall is turned on by default, any site you build under a domain or a subdomain will be protected right from the start. A separate section in the Hepsia CP that comes with the semi-dedicated accounts is devoted to ModSecurity and it'll allow you to stop and start the firewall for any Internet site or switch on a detection mode. With the latter, ModSecurity won't take any action, but it shall still detect possible attacks and will keep all info inside a log as if it were 100% active. The logs can be found in the same section of the CP and they feature information about the IP where an attack originated from, what its nature was, what rule ModSecurity applies to recognize and stop it, etc. The security rules we employ on our web servers are a mix of commercial ones from a security company and custom ones made by our system admins. Therefore, we offer higher security for your web programs as we can protect them from attacks before security businesses release updates for brand new threats.

ModSecurity in VPS Web Hosting

Safety is essential to us, so we install ModSecurity on all virtual private servers that are made available with the Hepsia Control Panel as a standard. The firewall can be managed through a dedicated section inside Hepsia and is activated automatically when you add a new domain or generate a subdomain, so you won't have to do anything by hand. You'll also be able to deactivate it or activate the so-called detection mode, so it shall keep a log of potential attacks that you can later analyze, but won't stop them. The logs in both passive and active modes include info about the form of the attack and how it was stopped, what IP it originated from and other valuable data which might help you to tighten the security of your websites by updating them or blocking IPs, for instance. Beyond the commercial rules that we get for ModSecurity from a third-party security enterprise, we also employ our own rules since from time to time we detect specific attacks that are not yet present within the commercial pack. This way, we can boost the security of your Virtual private server instantly instead of waiting for an official update.

ModSecurity in Dedicated Servers Hosting

All our dedicated servers that are set up with the Hepsia hosting CP feature ModSecurity, so any program you upload or set up will be protected from the very beginning and you'll not have to worry about common attacks or vulnerabilities. A separate section in Hepsia will allow you to start or stop the firewall for each domain or subdomain, or activate a detection mode so that it records information regarding intrusions, but doesn't take actions to prevent them. What you'll see in the logs can help you to secure your Internet sites better - the IP an attack came from, what website was attacked as well as how, what ModSecurity rule was triggered, etcetera. With this data, you'll be able to see whether a website needs an update, whether you need to block IPs from accessing your server, etc. Aside from the third-party commercial security rules for ModSecurity we use, our admins include custom ones as well whenever they come across a new threat which is not yet a part of the commercial bundle.