ModSecurity is a highly effective web app layer firewall for Apache web servers. It monitors the entire HTTP traffic to an Internet site without affecting its functionality and if it identifies an intrusion attempt, it blocks it. The firewall furthermore maintains a more thorough log for the website visitors than any web server does, so you'll manage to keep an eye on what's happening with your websites better than if you rely merely on standard logs. ModSecurity employs security rules based on which it stops attacks. For example, it identifies if someone is trying to log in to the administrator area of a given script a number of times or if a request is sent to execute a file with a specific command. In these situations these attempts set off the corresponding rules and the firewall program hinders the attempts immediately, then records detailed details about them in its logs. ModSecurity is one of the best software firewalls available and it could easily protect your web apps against a huge number of threats and vulnerabilities, particularly in case you don’t update them or their plugins often.

ModSecurity in Shared Hosting

ModSecurity is supplied with all shared hosting servers, so when you choose to host your Internet sites with our organization, they'll be protected against a wide array of attacks. The firewall is turned on by default for all domains and subdomains, so there'll be nothing you'll need to do on your end. You'll be able to stop ModSecurity for any Internet site if needed, or to switch on a detection mode, so that all activity will be recorded, but the firewall shall not take any real action. You'll be able to view specific logs from your Hepsia CP including the IP address where the attack came from, what the attacker planned to do and how ModSecurity dealt with the threat. As we take the security of our clients' websites very seriously, we use a set of commercial rules which we get from one of the best companies which maintain this sort of rules. Our administrators also add custom rules to make sure that your websites shall be shielded from as many threats as possible.

ModSecurity in Semi-dedicated Servers

We have integrated ModSecurity as a standard inside all semi-dedicated server plans, so your web applications will be protected whenever you set them up under any domain or subdomain. The Hepsia CP that comes with the semi-dedicated accounts will permit you to enable or disable the firewall for any site with a mouse click. You'll also be able to activate a passive detection mode in which ModSecurity shall maintain a log of potential attacks without actually stopping them. The comprehensive logs contain the nature of the attack and what ModSecurity response that attack triggered, where it originated from, etc. The list of rules we use is regularly updated in order to match any new risks which could appear on the Internet and it includes both commercial rules that we get from a security business and custom-written ones that our administrators include if they discover a threat which is not present inside the commercial list yet.

ModSecurity in VPS Servers

ModSecurity is provided with all Hepsia-based VPS servers which we offer and it shall be turned on automatically for every new domain or subdomain which you add on the server. This way, any web application that you install will be secured immediately without doing anything by hand on your end. The firewall could be handled through the section of the CP which bears the same name. This is the location in whichyou could switch off ModSecurity or let its passive mode, so it won't take any action towards threats, but will still maintain a detailed log. The recorded information is available within the same section as well and you will be able to see what IPs any attacks originated from so that you stop them, what the nature of the attempted attacks was and in accordance with what security rules ModSecurity reacted. The rules which we employ on our servers are a combination between commercial ones we get from a security company and custom ones which are added by our administrators to optimize the protection of any web applications hosted on our end.

ModSecurity in Dedicated Servers

All our dedicated servers which are installed with the Hepsia hosting Control Panel come with ModSecurity, so any application that you upload or set up shall be protected from the very beginning and you will not need to concern yourself with common attacks or vulnerabilities. A separate section within Hepsia will permit you to start or stop the firewall for each domain or subdomain, or activate a detection mode so that it records information about intrusions, but doesn't take actions to stop them. What you shall discover in the logs can help you to secure your sites better - the IP an attack came from, what site was attacked and in what way, what ModSecurity rule was triggered, etcetera. With this information, you could see whether an Internet site needs an update, if you should block IPs from accessing your web server, and so forth. Besides the third-party commercial security rules for ModSecurity which we use, our admins add custom ones as well every time they discover a new threat which is not yet included in the commercial bundle.