ModSecurity is a powerful web application layer firewall for Apache web servers. It monitors the entire HTTP traffic to a site without affecting its overall performance and when it discovers an intrusion attempt, it prevents it. The firewall furthermore maintains a more comprehensive log for the site visitors than any web server does, so you will manage to keep track of what's going on with your sites much better than if you rely merely on standard logs. ModSecurity uses security rules based on which it prevents attacks. For example, it identifies whether somebody is attempting to log in to the administrator area of a certain script multiple times or if a request is sent to execute a file with a particular command. In these cases these attempts trigger the corresponding rules and the software hinders the attempts right away, then records comprehensive info about them inside its logs. ModSecurity is amongst the best software firewalls out there and it can easily protect your web applications against many threats and vulnerabilities, especially in case you don’t update them or their plugins often.

ModSecurity in Shared Hosting

We offer ModSecurity with all shared hosting plans, so your Internet apps will be shielded from harmful attacks. The firewall is turned on by default for all domains and subdomains, but if you would like, you shall be able to stop it through the respective section of your Hepsia CP. You could also activate a detection mode, so ModSecurity will keep a log as intended, but shall not take any action. The logs which you shall find inside Hepsia are extremely detailed and feature data about the nature of any attack, when it transpired and from what IP address, the firewall rule that was triggered, etcetera. We use a group of commercial rules that are constantly updated, but sometimes our admins include custom rules as well in order to efficiently protect the websites hosted on our servers.

ModSecurity in Semi-dedicated Servers

All semi-dedicated server packages that we offer come with ModSecurity and given that the firewall is switched on by default, any Internet site that you set up under a domain or a subdomain shall be protected immediately. An individual section within the Hepsia Control Panel which comes with the semi-dedicated accounts is dedicated to ModSecurity and it shall permit you to start and stop the firewall for any website or enable a detection mode. With the latter, ModSecurity will not take any action, but it'll still recognize possible attacks and will keep all information within a log as if it were fully active. The logs could be found inside the same section of the CP and they include specifics about the IP where an attack came from, what its nature was, what rule ModSecurity applies to recognize and stop it, and so forth. The security rules we use on our machines are a mix of commercial ones from a security firm and custom ones made by our system administrators. Consequently, we offer higher security for your web programs as we can shield them from attacks even before security corporations release updates for completely new threats.

ModSecurity in VPS Servers

ModSecurity is provided with all Hepsia-based VPS servers we offer and it shall be switched on automatically for every new domain or subdomain you add on the hosting server. In this way, any web app which you install will be protected immediately without doing anything by hand on your end. The firewall may be handled through the section of the Control Panel that has the same name. This is the location in whichyou can disable ModSecurity or enable its passive mode, so it shall not take any action towards threats, but shall still keep a detailed log. The recorded info is available inside the same area as well and you'll be able to see what IPs any attacks originated from so that you can stop them, what the nature of the attempted attacks was and based on what security rules ModSecurity responded. The rules that we employ on our servers are a blend between commercial ones that we obtain from a security company and custom ones which are included by our staff to optimize the security of any web applications hosted on our end.

ModSecurity in Dedicated Servers

All of our dedicated servers which are set up with the Hepsia hosting Control Panel include ModSecurity, so any application which you upload or set up shall be secured from the very beginning and you'll not have to bother about common attacks or vulnerabilities. A separate section in Hepsia will allow you to start or stop the firewall for each and every domain or subdomain, or turn on a detection mode so that it records info about intrusions, but doesn't take actions to prevent them. What you shall find in the logs can help you to secure your sites better - the IP address an attack came from, what website was attacked as well as how, what ModSecurity rule was triggered, and so on. With this information, you could see if a site needs an update, whether you need to block IPs from accessing your hosting server, and so forth. Besides the third-party commercial security rules for ModSecurity which we use, our administrators include custom ones as well every time they discover a new threat that's not yet a part of the commercial bundle.