ModSecurity is a powerful web app layer firewall for Apache web servers. It monitors the whole HTTP traffic to a site without affecting its performance and in case it detects an intrusion attempt, it blocks it. The firewall furthermore maintains a more thorough log for the website visitors than any web server does, so you shall be able to monitor what's happening with your sites better than if you rely simply on standard logs. ModSecurity uses security rules based on which it stops attacks. For instance, it recognizes whether somebody is trying to log in to the administration area of a given script a number of times or if a request is sent to execute a file with a specific command. In these cases these attempts set off the corresponding rules and the firewall program blocks the attempts right away, after that records in-depth information about them in its logs. ModSecurity is among the very best software firewalls available and it can easily protect your web apps against thousands of threats and vulnerabilities, particularly in case you don’t update them or their plugins frequently.

ModSecurity in Web Hosting

ModSecurity is available on all web hosting web servers, so when you decide to host your websites with our firm, they shall be resistant to an array of attacks. The firewall is turned on by default for all domains and subdomains, so there will be nothing you shall need to do on your end. You will be able to stop ModSecurity for any site if required, or to activate a detection mode, so that all activity shall be recorded, but the firewall shall not take any real action. You will be able to view detailed logs through your Hepsia CP including the IP where the attack came from, what the attacker wanted to do and how ModSecurity handled the threat. As we take the security of our clients' sites very seriously, we use a collection of commercial rules that we get from one of the best companies that maintain this type of rules. Our administrators also include custom rules to make sure that your websites shall be protected against as many risks as possible.

ModSecurity in Semi-dedicated Hosting

All semi-dedicated hosting plans which we offer come with ModSecurity and given that the firewall is turned on by default, any Internet site you create under a domain or a subdomain shall be secured right from the start. A separate section in the Hepsia Control Panel that comes with the semi-dedicated accounts is dedicated to ModSecurity and it will allow you to stop and start the firewall for any website or enable a detection mode. With the last option, ModSecurity will not take any action, but it will still detect possible attacks and will keep all data within a log as if it were fully active. The logs can be found in the very same section of the Control Panel and they include details about the IP where an attack came from, what its nature was, what rule ModSecurity applies to identify and stop it, etcetera. The security rules we use on our machines are a mix between commercial ones from a security firm and custom ones developed by our system admins. Therefore, we offer higher security for your web applications as we can defend them from attacks before security businesses release updates for brand new threats.

ModSecurity in VPS

Safety is essential to us, so we set up ModSecurity on all virtual private servers that are set up with the Hepsia Control Panel as a standard. The firewall can be managed via a dedicated section in Hepsia and is activated automatically when you add a new domain or create a subdomain, so you will not have to do anything personally. You'll also be able to deactivate it or turn on the so-called detection mode, so it'll keep a log of potential attacks that you can later analyze, but shall not prevent them. The logs in both passive and active modes contain details regarding the kind of the attack and how it was prevented, what IP address it originated from and other valuable info that may help you to tighten the security of your Internet sites by updating them or blocking IPs, for example. On top of the commercial rules we get for ModSecurity from a third-party security enterprise, we also employ our own rules because every now and then we identify specific attacks which aren't yet present within the commercial pack. This way, we can improve the protection of your Virtual private server right away instead of waiting for an official update.

ModSecurity in Dedicated Hosting

When you decide to host your Internet sites on a dedicated server with the Hepsia CP, your web programs shall be protected straight away as ModSecurity is available with all Hepsia-based solutions. You shall be able to manage the firewall effortlessly and if needed, you will be able to turn it off or switch on its passive mode when it will only maintain a log of what's taking place without taking any action to stop possible attacks. The logs which you'll find in the exact same section of the CP are really detailed and contain data about the attacker IP address, what site and file were attacked and in what ways, what rule the firewall employed to prevent the intrusion, etc. This information will allow you to take measures and enhance the security of your Internet sites even more. To be on the safe side, we use not only commercial rules, but also custom-made ones that our admins add when they identify attacks that haven't yet been included within the commercial pack.