ModSecurity is a potent web application layer firewall for Apache web servers. It monitors the entire HTTP traffic to a website without affecting its performance and when it identifies an intrusion attempt, it prevents it. The firewall also keeps a more comprehensive log for the website visitors than any server does, so you will manage to keep track of what is happening with your Internet sites a lot better than if you rely only on standard logs. ModSecurity works with security rules based on which it helps prevent attacks. For instance, it recognizes whether someone is trying to log in to the administrator area of a specific script a number of times or if a request is sent to execute a file with a specific command. In such instances these attempts trigger the corresponding rules and the firewall hinders the attempts instantly, after that records detailed information about them in its logs. ModSecurity is one of the best software firewalls out there and it can easily protect your web apps against many threats and vulnerabilities, especially if you don’t update them or their plugins often.

ModSecurity in Shared Hosting

ModSecurity is available on all shared hosting machines, so when you decide to host your websites with our firm, they'll be shielded from a wide range of attacks. The firewall is turned on as standard for all domains and subdomains, so there'll be nothing you'll have to do on your end. You shall be able to stop ModSecurity for any Internet site if needed, or to enable a detection mode, so that all activity will be recorded, but the firewall will not take any real action. You'll be able to view comprehensive logs from your Hepsia Control Panel including the IP where the attack came from, what the attacker planned to do and how ModSecurity handled the threat. As we take the security of our clients' sites seriously, we employ a collection of commercial rules which we take from one of the best companies that maintain this kind of rules. Our admins also add custom rules to make sure that your sites will be shielded from as many threats as possible.

ModSecurity in Semi-dedicated Servers

Any web app you install inside your new semi-dedicated server account will be protected by ModSecurity as the firewall is included with all our hosting plans and is turned on by default for any domain and subdomain that you include or create via your Hepsia hosting Control Panel. You'll be able to manage ModSecurity through a dedicated section inside Hepsia where not only can you activate or deactivate it fully, but you could also activate a passive mode, so the firewall won't block anything, but it will still maintain an archive of potential attacks. This normally requires only a click and you will be able to look at the logs regardless of if ModSecurity is in passive or active mode through the same section - what the attack was and where it originated from, how it was handled, etc. The firewall employs 2 groups of rules on our servers - a commercial one which we get from a third-party web security company and a custom one that our admins update manually as to respond to newly discovered risks as fast as possible.

ModSecurity in VPS Servers

Safety is of the utmost importance to us, so we set up ModSecurity on all VPS servers which are made available with the Hepsia Control Panel by default. The firewall can be managed through a dedicated section in Hepsia and is activated automatically when you add a new domain or create a subdomain, so you will not have to do anything by hand. You will also be able to disable it or turn on the so-called detection mode, so it shall keep a log of potential attacks which you can later study, but won't block them. The logs in both passive and active modes offer details regarding the type of the attack and how it was prevented, what IP it came from and other useful information that may help you to tighten the security of your sites by updating them or blocking IPs, for example. In addition to the commercial rules that we get for ModSecurity from a third-party security enterprise, we also implement our own rules as occasionally we find specific attacks which are not yet present within the commercial package. This way, we can boost the security of your Virtual private server immediately instead of awaiting an official update.

ModSecurity in Dedicated Servers

When you opt to host your Internet sites on a dedicated server with the Hepsia CP, your web apps will be protected right from the start because ModSecurity is available with all Hepsia-based solutions. You will be able to manage the firewall effortlessly and if necessary, you'll be able to turn it off or activate its passive mode when it shall only keep a log of what is going on without taking any action to stop possible attacks. The logs which you'll find within the very same section of the Control Panel are really detailed and feature information about the attacker IP address, what site and file were attacked and in what ways, what rule the firewall employed to stop the intrusion, and so on. This info will enable you to take measures and improve the security of your sites even more. To be on the safe side, we employ not only commercial rules, but also custom-made ones which our administrators add whenever they recognize attacks that have not yet been included within the commercial pack.