ModSecurity is a highly effective web application layer firewall for Apache web servers. It monitors the entire HTTP traffic to a website without affecting its performance and when it identifies an intrusion attempt, it prevents it. The firewall furthermore keeps a more detailed log for the site visitors than any web server does, so you will manage to monitor what's going on with your Internet sites a lot better than if you rely merely on conventional logs. ModSecurity employs security rules based on which it helps prevent attacks. For example, it recognizes if someone is trying to log in to the administration area of a particular script multiple times or if a request is sent to execute a file with a particular command. In these cases these attempts trigger the corresponding rules and the firewall program hinders the attempts in real time, after that records detailed details about them within its logs. ModSecurity is amongst the best software firewalls available and it can easily protect your web apps against thousands of threats and vulnerabilities, particularly if you don’t update them or their plugins frequently.

ModSecurity in Hosting

ModSecurity comes by default with all hosting plans that we supply and it'll be turned on automatically for any domain or subdomain that you add/create within your Hepsia hosting CP. The firewall has 3 different modes, so you can activate and deactivate it with just a mouse click or set it to detection mode, so it'll maintain a log of all attacks, but it'll not do anything to stop them. The log for each of your Internet sites will include detailed info such as the nature of the attack, where it came from, what action was taken by ModSecurity, and so on. The firewall rules we use are frequently updated and include both commercial ones that we get from a third-party security firm and custom ones that our system admins add in the event that they detect a new sort of attacks. In this way, the websites which you host here will be way more protected without any action required on your end.

ModSecurity in Semi-dedicated Hosting

All semi-dedicated hosting packages which we offer come with ModSecurity and because the firewall is enabled by default, any site that you build under a domain or a subdomain shall be secured right from the start. An individual section in the Hepsia Control Panel that comes with the semi-dedicated accounts is devoted to ModSecurity and it shall permit you to stop and start the firewall for any Internet site or switch on a detection mode. With the last option, ModSecurity won't take any action, but it'll still recognize possible attacks and will keep all information within a log as if it were completely active. The logs could be found within the very same section of the Control Panel and they include info about the IP where an attack originated from, what its nature was, what rule ModSecurity applies to identify and stop it, etcetera. The security rules which we use on our servers are a mix of commercial ones from a security firm and custom ones developed by our system administrators. For that reason, we provide greater security for your web applications as we can protect them from attacks even before security businesses release updates for new threats.

ModSecurity in VPS Hosting

All virtual private servers that are offered with the Hepsia CP feature ModSecurity. The firewall is installed and activated by default for all domains that are hosted on the machine, so there will not be anything special that you'll have to do to protect your sites. It'll take you only a mouse click to stop ModSecurity if required or to activate its passive mode so that it records what occurs without taking any actions to prevent intrusions. You shall be able to see the logs created in passive or active mode from the corresponding section of Hepsia and learn more about the type of the attack, where it came from, what rule the firewall employed to take care of it, etcetera. We use a mix of commercial and custom rules in order to ensure that ModSecurity will stop as many risks as possible, consequently increasing the security of your web programs as much as possible.

ModSecurity in Dedicated Web Hosting

ModSecurity is available as standard with all dedicated servers that are set up with the Hepsia CP and is set to “Active” automatically for any domain that you host or subdomain that you create on the hosting server. In case that a web application does not function properly, you can either turn off the firewall or set it to operate in passive mode. The second means that ModSecurity will maintain a log of any potential attack which may happen, but will not take any action to stop it. The logs created in passive or active mode shall provide you with more details about the exact file that was attacked, the nature of the attack and the IP it originated from, etc. This data shall allow you to choose what measures you can take to boost the safety of your websites, such as blocking IPs or performing script and plugin updates. The ModSecurity rules which we employ are updated frequently with a commercial pack from a third-party security enterprise we work with, but from time to time our admins add their own rules also when they discover a new potential threat.