ModSecurity is a highly effective firewall for Apache web servers which is employed to stop attacks against web apps. It keeps track of the HTTP traffic to a certain Internet site in real time and prevents any intrusion attempts the instant it detects them. The firewall relies on a set of rules to do this - as an illustration, trying to log in to a script admin area without success several times sets off one rule, sending a request to execute a specific file which may result in accessing the website triggers another rule, and so forth. ModSecurity is one of the best firewalls around and it'll preserve even scripts that aren't updated regularly since it can prevent attackers from using known exploits and security holes. Incredibly comprehensive information about every intrusion attempt is recorded and the logs the firewall maintains are considerably more comprehensive than the regular logs created by the Apache server, so you could later examine them and determine whether you need to take more measures in order to improve the protection of your script-driven sites.

ModSecurity in Shared Hosting

ModSecurity comes by default with all shared hosting packages that we provide and it'll be activated automatically for any domain or subdomain which you add/create inside your Hepsia hosting CP. The firewall has 3 different modes, so you can activate and deactivate it with a mouse click or set it to detection mode, so it'll keep a log of all attacks, but it will not do anything to prevent them. The log for each of your sites will include in-depth information which includes the nature of the attack, where it originated from, what action was taken by ModSecurity, etcetera. The firewall rules which we use are constantly updated and comprise of both commercial ones that we get from a third-party security firm and custom ones which our system admins add in case that they detect a new sort of attacks. That way, the websites you host here shall be far more protected with no action needed on your end.

ModSecurity in Semi-dedicated Servers

ModSecurity is part of our semi-dedicated server solutions and if you opt to host your websites with our company, there shall not be anything special you'll need to do since the firewall is turned on by default for all domains and subdomains you add via your hosting CP. If necessary, you can disable ModSecurity for a particular site or enable the so-called detection mode in which case the firewall will still operate and record information, but won't do anything to prevent possible attacks against your Internet sites. Detailed logs shall be accessible inside your CP and you shall be able to see what sort of attacks happened, what security rules were triggered and how the firewall dealt with the threats, what Internet protocol addresses the attacks came from, etc. We use 2 sorts of rules on our servers - commercial ones from a firm that operates in the field of web security, and customized ones which our administrators sometimes add to respond to newly discovered risks promptly.

ModSecurity in VPS Servers

Safety is very important to us, so we install ModSecurity on all VPS servers which are provided with the Hepsia Control Panel by default. The firewall can be managed via a dedicated section inside Hepsia and is turned on automatically when you add a new domain or create a subdomain, so you'll not need to do anything by hand. You will also be able to disable it or switch on the so-called detection mode, so it'll maintain a log of potential attacks you can later examine, but won't stop them. The logs in both passive and active modes contain details regarding the kind of the attack and how it was prevented, what IP address it came from and other useful information which could help you to tighten the security of your websites by updating them or blocking IPs, for instance. Besides the commercial rules we get for ModSecurity from a third-party security firm, we also employ our own rules as from time to time we identify specific attacks that are not yet present in the commercial pack. That way, we could boost the protection of your Virtual private server instantly rather than waiting for an official update.

ModSecurity in Dedicated Servers

If you opt to host your websites on a dedicated server with the Hepsia Control Panel, your web applications shall be secured immediately since ModSecurity is supplied with all Hepsia-based packages. You'll be able to control the firewall effortlessly and if required, you will be able to turn it off or switch on its passive mode when it'll only keep a log of what is going on without taking any action to prevent potential attacks. The logs that you can find inside the exact same section of the CP are very detailed and include information about the attacker IP address, what website and file were attacked and in what ways, what rule the firewall used to prevent the intrusion, etc. This info will allow you to take measures and improve the protection of your websites even more. To be on the safe side, we employ not only commercial rules, but also custom-made ones which our admins include when they recognize attacks which haven't yet been included inside the commercial pack.