ModSecurity is a highly effective firewall for Apache web servers which is used to stop attacks against web apps. It monitors the HTTP traffic to a given site in real time and stops any intrusion attempts the moment it detects them. The firewall uses a set of rules to do that - for example, trying to log in to a script administration area without success a few times triggers one rule, sending a request to execute a specific file which may result in gaining access to the website triggers another rule, and so on. ModSecurity is amongst the best firewalls around and it'll preserve even scripts that are not updated frequently since it can prevent attackers from employing known exploits and security holes. Quite detailed information about every single intrusion attempt is recorded and the logs the firewall maintains are far more comprehensive than the regular logs provided by the Apache server, so you can later analyze them and decide whether you need to take extra measures so as to boost the security of your script-driven websites.

ModSecurity in Shared Website Hosting

We offer ModSecurity with all shared website hosting plans, so your Internet apps will be shielded from destructive attacks. The firewall is activated as standard for all domains and subdomains, but in case you would like, you shall be able to stop it via the respective section of your Hepsia CP. You'll be able to also activate a detection mode, so ModSecurity will keep a log as intended, but shall not take any action. The logs that you shall find within Hepsia are very detailed and feature data about the nature of any attack, when it occurred and from what IP address, the firewall rule that was triggered, and so on. We employ a set of commercial rules that are constantly updated, but sometimes our admins include custom rules as well so as to better protect the Internet sites hosted on our servers.

ModSecurity in Semi-dedicated Hosting

ModSecurity is a part of our semi-dedicated hosting plans and if you choose to host your sites with our company, there shall not be anything special you'll need to do since the firewall is turned on by default for all domains and subdomains that you add via your hosting CP. If necessary, you'll be able to disable ModSecurity for a given site or turn on the so-called detection mode in which case the firewall will still operate and record information, but will not do anything to prevent possible attacks against your Internet sites. In depth logs will be available inside your Control Panel and you'll be able to see what type of attacks occurred, what security rules were triggered and how the firewall handled the threats, what Internet protocol addresses the attacks originated from, etcetera. We use 2 types of rules on our servers - commercial ones from a business which operates in the field of web security, and customized ones which our admins often include to respond to newly identified threats in a timely manner.

ModSecurity in VPS

ModSecurity is included with all Hepsia-based virtual private servers that we offer and it will be turned on automatically for any new domain or subdomain you add on the machine. This way, any web application which you install shall be secured from the very beginning without doing anything manually on your end. The firewall can be managed via the section of the Control Panel that has the same name. This is the area in whichyou could switch off ModSecurity or let its passive mode, so it won't take any action against threats, but shall still keep a thorough log. The recorded information is available within the same area as well and you will be able to see what IPs any attacks originated from so that you can block them, what the nature of the attempted attacks was and based upon what security rules ModSecurity responded. The rules we employ on our servers are a combination between commercial ones which we obtain from a security company and custom ones that are included by our staff to enhance the security of any web applications hosted on our end.

ModSecurity in Dedicated Hosting

All our dedicated servers that are set up with the Hepsia hosting CP come with ModSecurity, so any program you upload or install shall be secured from the very beginning and you won't have to stress about common attacks or vulnerabilities. An individual section within Hepsia will allow you to start or stop the firewall for each and every domain or subdomain, or switch on a detection mode so that it records information about intrusions, but doesn't take actions to stop them. What you'll discover in the logs can allow you to to secure your Internet sites better - the IP address an attack came from, what website was attacked and how, what ModSecurity rule was triggered, and so on. With this information, you could see if an Internet site needs an update, if you should block IPs from accessing your server, and so forth. On top of the third-party commercial security rules for ModSecurity that we use, our administrators include custom ones too if they come across a new threat that is not yet in the commercial bundle.