ModSecurity is an effective firewall for Apache web servers which is used to prevent attacks toward web applications. It tracks the HTTP traffic to a certain Internet site in real time and stops any intrusion attempts as soon as it discovers them. The firewall relies on a set of rules to do that - for example, attempting to log in to a script administration area without success several times sets off one rule, sending a request to execute a particular file that may result in accessing the Internet site triggers a different rule, and so on. ModSecurity is one of the best firewalls out there and it will protect even scripts that are not updated frequently since it can prevent attackers from using known exploits and security holes. Very thorough data about every intrusion attempt is recorded and the logs the firewall maintains are far more comprehensive than the standard logs generated by the Apache server, so you may later examine them and determine whether you need to take additional measures so as to increase the safety of your script-driven Internet sites.

ModSecurity in Shared Website Hosting

ModSecurity comes standard with all shared website hosting solutions that we supply and it shall be turned on automatically for any domain or subdomain that you add/create in your Hepsia hosting Control Panel. The firewall has 3 different modes, so you could activate and deactivate it with simply a click or set it to detection mode, so it will maintain a log of all attacks, but it'll not do anything to stop them. The log for any of your websites will feature detailed info such as the nature of the attack, where it came from, what action was taken by ModSecurity, and so forth. The firewall rules that we use are frequently updated and incorporate both commercial ones that we get from a third-party security business and custom ones that our system administrators add in case that they detect a new kind of attacks. In this way, the sites which you host here will be a lot more secure with no action required on your end.

ModSecurity in Semi-dedicated Hosting

All semi-dedicated hosting solutions that we offer come with ModSecurity and given that the firewall is enabled by default, any website that you create under a domain or a subdomain shall be secured immediately. An independent section inside the Hepsia CP that comes with the semi-dedicated accounts is devoted to ModSecurity and it shall allow you to start and stop the firewall for any Internet site or activate a detection mode. With the last option, ModSecurity will not take any action, but it shall still recognize possible attacks and will keep all information inside a log as if it were 100% active. The logs could be found inside the exact same section of the Control Panel and they offer details about the IP where an attack came from, what its nature was, what rule ModSecurity applies to recognize and stop it, and so forth. The security rules which we employ on our web servers are a mix between commercial ones from a security firm and custom ones made by our system admins. Consequently, we provide higher security for your web programs as we can protect them from attacks even before security corporations release updates for brand new threats.

ModSecurity in VPS Hosting

ModSecurity is pre-installed on all virtual private servers that are offered with the Hepsia hosting Control Panel, so your web programs shall be secured from the moment your server is in a position. The firewall is switched on by default for any domain or subdomain on the VPS, but if necessary, you'll be able to disable it with a click of your mouse from the corresponding section of Hepsia. You may also set it to work in detection mode, so it shall maintain an extensive log of any potential attacks without taking any action to prevent them. The logs are available in the very same section and offer information about the nature of the attack, what IP it originated from and what ModSecurity rule was initiated to stop it. For maximum security, we use not only commercial rules from a business operating in the field of web security, but also custom ones which our admins include personally so as to react to new threats which are still not addressed in the commercial rules.

ModSecurity in Dedicated Web Hosting

ModSecurity comes with all dedicated servers which are set up with our Hepsia CP and you will not have to do anything specific on your end to employ it as it's switched on by default whenever you include a new domain or subdomain on your hosting server. If it interferes with any of your applications, you will be able to stop it through the respective area of Hepsia, or you can leave it operating in passive mode, so it will recognize attacks and shall still maintain a log for them, but will not block them. You can analyze the logs later to find out what you can do to increase the protection of your websites since you will find information such as where an intrusion attempt originated from, what site was attacked and in accordance with what rule ModSecurity reacted, etc. The rules which we use are commercial, thus they are frequently updated by a security firm, but to be on the safe side, our admins also include custom rules once in a while in order to react to any new threats they have identified.