ModSecurity is a powerful web application layer firewall for Apache web servers. It monitors the whole HTTP traffic to a website without affecting its functionality and when it discovers an intrusion attempt, it prevents it. The firewall also maintains a more thorough log for the traffic than any server does, so you will manage to monitor what is happening with your websites better than if you rely only on standard logs. ModSecurity uses security rules based on which it prevents attacks. For instance, it detects if anyone is trying to log in to the administration area of a specific script several times or if a request is sent to execute a file with a certain command. In these instances these attempts trigger the corresponding rules and the firewall hinders the attempts instantly, and then records comprehensive information about them in its logs. ModSecurity is one of the most effective software firewalls on the market and it could easily protect your web applications against a huge number of threats and vulnerabilities, particularly in case you don’t update them or their plugins frequently.

ModSecurity in Website Hosting

ModSecurity comes standard with all website hosting packages that we offer and it'll be switched on automatically for any domain or subdomain which you add/create within your Hepsia hosting CP. The firewall has 3 different modes, so you can activate and deactivate it with just a click or set it to detection mode, so it will maintain a log of all attacks, but it'll not do anything to stop them. The log for each of your websites shall include in-depth info which includes the nature of the attack, where it came from, what action was taken by ModSecurity, and so on. The firewall rules which we use are frequently updated and incorporate both commercial ones we get from a third-party security business and custom ones which our system admins add in the event that they detect a new type of attacks. That way, the sites which you host here shall be way more secure without any action required on your end.

ModSecurity in Semi-dedicated Hosting

We've integrated ModSecurity by default in all semi-dedicated hosting plans, so your web apps shall be protected whenever you install them under any domain or subdomain. The Hepsia CP which comes with the semi-dedicated accounts will permit you to enable or turn off the firewall for any site with a click. You'll also have the ability to turn on a passive detection mode with which ModSecurity will maintain a log of potential attacks without really stopping them. The detailed logs include things like the nature of the attack and what ModSecurity response that attack generated, where it originated from, etc. The list of rules that we employ is frequently updated as to match any new threats that might appear on the Internet and it includes both commercial rules that we get from a security business and custom-written ones which our administrators add in the event that they discover a threat which is not present inside the commercial list yet.

ModSecurity in VPS Hosting

Safety is very important to us, so we set up ModSecurity on all virtual private servers which are set up with the Hepsia CP by default. The firewall could be managed through a dedicated section in Hepsia and is turned on automatically when you add a new domain or generate a subdomain, so you will not have to do anything manually. You shall also be able to deactivate it or switch on the so-called detection mode, so it will keep a log of potential attacks which you can later examine, but shall not prevent them. The logs in both passive and active modes contain info about the kind of the attack and how it was eliminated, what IP address it originated from and other valuable information that might help you to tighten the security of your sites by updating them or blocking IPs, for instance. In addition to the commercial rules that we get for ModSecurity from a third-party security enterprise, we also use our own rules as once in a while we identify specific attacks that aren't yet present within the commercial package. That way, we can easily boost the protection of your VPS in a timely manner as opposed to awaiting an official update.

ModSecurity in Dedicated Web Hosting

When you decide to host your sites on a dedicated server with the Hepsia Control Panel, your web apps will be protected right from the start since ModSecurity is provided with all Hepsia-based packages. You will be able to manage the firewall easily and if necessary, you shall be able to turn it off or enable its passive mode when it'll only maintain a log of what is going on without taking any action to stop potential attacks. The logs which you will find in the exact same section of the Control Panel are quite detailed and include data about the attacker IP address, what website and file were attacked and in what ways, what rule the firewall employed to stop the intrusion, and so forth. This data will permit you to take measures and improve the security of your sites even more. To be on the safe side, we employ not just commercial rules, but also custom-made ones that our staff add every time they identify attacks which haven't yet been included inside the commercial pack.