ModSecurity is a highly effective web application layer firewall for Apache web servers. It monitors the whole HTTP traffic to an Internet site without affecting its performance and when it detects an intrusion attempt, it prevents it. The firewall additionally keeps a more thorough log for the traffic than any web server does, so you will manage to monitor what is going on with your Internet sites better than if you rely only on standard logs. ModSecurity works with security rules based on which it prevents attacks. For example, it detects if someone is trying to log in to the administrator area of a certain script multiple times or if a request is sent to execute a file with a certain command. In such circumstances these attempts set off the corresponding rules and the software hinders the attempts in real time, then records detailed details about them in its logs. ModSecurity is one of the best software firewalls on the market and it could easily protect your web apps against a large number of threats and vulnerabilities, especially in case you don’t update them or their plugins often.

ModSecurity in Web Hosting

ModSecurity is supplied with all web hosting servers, so if you opt to host your Internet sites with our firm, they will be resistant to a wide array of attacks. The firewall is turned on as standard for all domains and subdomains, so there'll be nothing you shall need to do on your end. You will be able to stop ModSecurity for any Internet site if necessary, or to activate a detection mode, so that all activity will be recorded, but the firewall will not take any real action. You shall be able to view comprehensive logs from your Hepsia CP including the IP address where the attack originated from, what the attacker wished to do and how ModSecurity addressed the threat. Since we take the security of our customers' Internet sites very seriously, we employ a collection of commercial rules which we take from one of the best firms that maintain this type of rules. Our admins also add custom rules to ensure that your websites shall be resistant to as many risks as possible.

ModSecurity in Semi-dedicated Hosting

We have incorporated ModSecurity as a standard in all semi-dedicated hosting plans, so your web apps shall be protected whenever you install them under any domain or subdomain. The Hepsia Control Panel that is included with the semi-dedicated accounts shall allow you to switch on or turn off the firewall for any Internet site with a mouse click. You shall also be able to switch on a passive detection mode in which ModSecurity will keep a log of potential attacks without really stopping them. The comprehensive logs contain the nature of the attack and what ModSecurity response this attack activated, where it came from, etc. The list of rules that we employ is regularly updated as to match any new risks which might appear on the Internet and it features both commercial rules that we get from a security corporation and custom-written ones that our admins include in case they find a threat that's not present inside the commercial list yet.

ModSecurity in VPS Hosting

ModSecurity is pre-installed on all virtual private servers that are provided with the Hepsia hosting CP, so your web apps will be protected from the second your server is in a position. The firewall is activated by default for any domain or subdomain on the Virtual Private Server, but if required, you'll be able to deactivate it with a click of your mouse from the corresponding section of Hepsia. You can also set it to work in detection mode, so it'll keep an extensive log of any possible attacks without taking any action to stop them. The logs are available in the exact same section and provide info about the nature of the attack, what IP it originated from and what ModSecurity rule was activated to stop it. For maximum security, we employ not only commercial rules from a business working in the field of web security, but also custom ones our administrators include manually so as to react to new threats which are still not tackled in the commercial rules.

ModSecurity in Dedicated Web Hosting

ModSecurity is available by default with all dedicated servers that are set up with the Hepsia Control Panel and is set to “Active” automatically for any domain which you host or subdomain you create on the server. In case that a web app doesn't function properly, you can either switch off the firewall or set it to function in passive mode. The latter means that ModSecurity will keep a log of any potential attack that might take place, but won't take any action to stop it. The logs produced in active or passive mode will present you with more details about the exact file that was attacked, the type of the attack and the IP it came from, and so on. This information will enable you to determine what measures you can take to improve the protection of your sites, such as blocking IPs or carrying out script and plugin updates. The ModSecurity rules that we use are updated regularly with a commercial bundle from a third-party security provider we work with, but oftentimes our administrators include their own rules also if they discover a new potential threat.