ModSecurity is a highly effective web app layer firewall for Apache web servers. It monitors the entire HTTP traffic to a site without affecting its functionality and in case it discovers an intrusion attempt, it blocks it. The firewall furthermore keeps a more thorough log for the site visitors than any web server does, so you'll manage to keep track of what's going on with your sites better than if you rely simply on conventional logs. ModSecurity employs security rules based on which it stops attacks. For example, it detects whether someone is attempting to log in to the administrator area of a specific script several times or if a request is sent to execute a file with a specific command. In these cases these attempts set off the corresponding rules and the firewall hinders the attempts instantly, after that records comprehensive details about them in its logs. ModSecurity is one of the most effective software firewalls on the market and it can easily protect your web apps against many threats and vulnerabilities, particularly if you don’t update them or their plugins often.

ModSecurity in Shared Hosting

ModSecurity is provided with all shared hosting servers, so if you decide to host your sites with our organization, they shall be shielded from a wide array of attacks. The firewall is turned on as standard for all domains and subdomains, so there shall be nothing you'll have to do on your end. You'll be able to stop ModSecurity for any site if necessary, or to enable a detection mode, so that all activity will be recorded, but the firewall shall not take any real action. You will be able to view specific logs through your Hepsia Control Panel including the IP where the attack originated from, what the attacker wanted to do and how ModSecurity dealt with the threat. As we take the protection of our customers' websites very seriously, we use a set of commercial rules that we take from one of the leading companies which maintain this sort of rules. Our admins also add custom rules to make certain that your Internet sites shall be resistant to as many threats as possible.

ModSecurity in Semi-dedicated Servers

Any web application which you install within your new semi-dedicated server account shall be protected by ModSecurity as the firewall is provided with all our hosting packages and is activated by default for any domain and subdomain you add or create through your Hepsia hosting CP. You'll be able to manage ModSecurity via a dedicated section within Hepsia where not simply could you activate or deactivate it entirely, but you can also switch on a passive mode, so the firewall won't block anything, but it'll still maintain an archive of potential attacks. This takes only a click and you shall be able to look at the logs regardless of if ModSecurity is in passive or active mode through the same section - what the attack was and where it came from, how it was dealt with, and so on. The firewall uses 2 sets of rules on our web servers - a commercial one that we get from a third-party web security provider and a custom one which our administrators update personally in order to respond to newly discovered risks as fast as possible.

ModSecurity in VPS Servers

ModSecurity is pre-installed on all VPS servers which are provided with the Hepsia hosting CP, so your web apps will be secured from the moment your server is in a position. The firewall is activated by default for any domain or subdomain on the Virtual Private Server, but if needed, you'll be able to deactivate it with a click from the corresponding section of Hepsia. You may also set it to operate in detection mode, so it shall maintain a detailed log of any potential attacks without taking any action to prevent them. The logs are available inside the exact same section and provide information regarding the nature of the attack, what IP it originated from and what ModSecurity rule was triggered to stop it. For best security, we use not only commercial rules from a company working in the field of web security, but also custom ones that our admins include personally so as to react to new risks which are still not addressed in the commercial rules.

ModSecurity in Dedicated Servers

All our dedicated servers which are installed with the Hepsia hosting Control Panel include ModSecurity, so any app which you upload or set up will be properly secured from the very beginning and you won't have to worry about common attacks or vulnerabilities. An independent section inside Hepsia will permit you to start or stop the firewall for any domain or subdomain, or turn on a detection mode so that it records information about intrusions, but does not take actions to stop them. What you will find in the logs can easily allow you to to secure your Internet sites better - the IP an attack came from, what site was attacked and how, what ModSecurity rule was triggered, and so on. With this info, you can see if a site needs an update, whether you need to block IPs from accessing your hosting server, etc. In addition to the third-party commercial security rules for ModSecurity that we use, our admins add custom ones as well if they find a new threat that is not yet a part of the commercial bundle.