ModSecurity is an efficient firewall for Apache web servers which is employed to prevent attacks towards web applications. It tracks the HTTP traffic to a particular site in real time and prevents any intrusion attempts the instant it discovers them. The firewall uses a set of rules to do that - for instance, attempting to log in to a script administrator area unsuccessfully many times sets off one rule, sending a request to execute a specific file which could result in accessing the Internet site triggers another rule, and so on. ModSecurity is amongst the best firewalls around and it'll protect even scripts that aren't updated often because it can prevent attackers from using known exploits and security holes. Quite comprehensive info about each and every intrusion attempt is recorded and the logs the firewall keeps are a lot more specific than the conventional logs provided by the Apache server, so you can later take a look at them and determine if you need to take more measures so as to enhance the security of your script-driven sites.

ModSecurity in Hosting

ModSecurity comes by default with all hosting solutions which we offer and it shall be activated automatically for any domain or subdomain which you add/create within your Hepsia hosting Control Panel. The firewall has 3 different modes, so you could switch on and disable it with only a click or set it to detection mode, so it will keep a log of all attacks, but it shall not do anything to prevent them. The log for any of your sites will contain comprehensive info including the nature of the attack, where it originated from, what action was taken by ModSecurity, etcetera. The firewall rules we use are frequently updated and include both commercial ones that we get from a third-party security company and custom ones our system admins add in the event that they detect a new kind of attacks. In this way, the websites that you host here shall be way more secure with no action needed on your end.

ModSecurity in Semi-dedicated Hosting

All semi-dedicated hosting plans that we offer include ModSecurity and because the firewall is switched on by default, any Internet site which you create under a domain or a subdomain shall be secured right from the start. An independent section inside the Hepsia Control Panel which comes with the semi-dedicated accounts is devoted to ModSecurity and it'll permit you to stop and start the firewall for any Internet site or enable a detection mode. With the latter, ModSecurity won't take any action, but it will still recognize possible attacks and will keep all information in a log as if it were completely active. The logs can be found inside the very same section of the Control Panel and they feature specifics about the IP where an attack came from, what its nature was, what rule ModSecurity applies to recognize and stop it, etcetera. The security rules we employ on our web servers are a mix of commercial ones from a security firm and custom ones created by our system admins. Therefore, we provide higher security for your web apps as we can defend them from attacks even before security companies release updates for brand new threats.

ModSecurity in VPS Hosting

All virtual private servers which are provided with the Hepsia Control Panel include ModSecurity. The firewall is installed and activated by default for all domains which are hosted on the server, so there shall not be anything special which you'll have to do to protect your websites. It will take you just a mouse click to stop ModSecurity if necessary or to activate its passive mode so that it records what goes on without taking any steps to stop intrusions. You shall be able to see the logs produced in passive or active mode through the corresponding section of Hepsia and discover more about the type of the attack, where it originated from, what rule the firewall employed to handle it, and so on. We use a mixture of commercial and custom rules so as to ensure that ModSecurity shall prevent as many threats as possible, hence enhancing the security of your web programs as much as possible.

ModSecurity in Dedicated Web Hosting

ModSecurity is available by default with all dedicated servers that are set up with the Hepsia CP and is set to “Active” automatically for any domain which you host or subdomain which you create on the hosting server. Just in case that a web application does not work properly, you could either turn off the firewall or set it to function in passive mode. The second means that ModSecurity shall maintain a log of any potential attack that may happen, but shall not take any action to prevent it. The logs generated in passive or active mode will present you with additional details about the exact file which was attacked, the type of the attack and the IP address it came from, and so forth. This info will permit you to decide what actions you can take to increase the security of your sites, for instance blocking IPs or performing script and plugin updates. The ModSecurity rules that we employ are updated often with a commercial pack from a third-party security provider we work with, but oftentimes our admins add their own rules too in the event that they identify a new potential threat.