ModSecurity is a potent web app layer firewall for Apache web servers. It monitors the entire HTTP traffic to a website without affecting its performance and in case it detects an intrusion attempt, it blocks it. The firewall furthermore maintains a more thorough log for the site visitors than any web server does, so you'll manage to keep track of what's going on with your sites a lot better than if you rely simply on conventional logs. ModSecurity uses security rules based on which it stops attacks. For instance, it recognizes if someone is trying to log in to the administration area of a given script several times or if a request is sent to execute a file with a specific command. In these instances these attempts set off the corresponding rules and the firewall program blocks the attempts in real time, after that records in-depth info about them in its logs. ModSecurity is among the very best software firewalls available and it could easily protect your web apps against a huge number of threats and vulnerabilities, especially if you don’t update them or their plugins regularly.

ModSecurity in Cloud Hosting

ModSecurity comes standard with all cloud hosting packages which we provide and it'll be activated automatically for any domain or subdomain which you add/create inside your Hepsia hosting CP. The firewall has three different modes, so you'll be able to switch on and disable it with just a click or set it to detection mode, so it shall maintain a log of all attacks, but it'll not do anything to stop them. The log for any of your websites will feature detailed information such as the nature of the attack, where it came from, what action was taken by ModSecurity, etc. The firewall rules which we use are regularly updated and comprise of both commercial ones which we get from a third-party security firm and custom ones that our system admins add in the event that they detect a new kind of attacks. In this way, the sites that you host here will be much more protected without any action required on your end.

ModSecurity in Semi-dedicated Hosting

All semi-dedicated hosting packages that we offer include ModSecurity and because the firewall is turned on by default, any Internet site which you create under a domain or a subdomain shall be secured right away. A separate section inside the Hepsia Control Panel that comes with the semi-dedicated accounts is devoted to ModSecurity and it shall allow you to start and stop the firewall for any site or switch on a detection mode. With the last mentioned, ModSecurity won't take any action, but it shall still identify possible attacks and shall keep all information in a log as if it were fully active. The logs could be found in the same section of the CP and they offer information about the IP where an attack came from, what its nature was, what rule ModSecurity applies to identify and stop it, etcetera. The security rules we employ on our web servers are a mix of commercial ones from a security firm and custom ones created by our system admins. Therefore, we offer greater security for your web applications as we can protect them from attacks before security firms release updates for new threats.

ModSecurity in VPS

ModSecurity is pre-installed on all virtual private servers which are set up with the Hepsia hosting CP, so your web applications shall be protected from the moment your server is in a position. The firewall is switched on by default for any domain or subdomain on the VPS, but if necessary, you could deactivate it with a mouse click via the corresponding section of Hepsia. You could also set it to work in detection mode, so it'll keep a detailed log of any possible attacks without taking any action to stop them. The logs are available inside the same section and offer info about the nature of the attack, what IP it came from and what ModSecurity rule was initiated to stop it. For maximum security, we employ not simply commercial rules from a company working in the field of web security, but also custom ones which our administrators include personally in order to respond to new risks which are still not addressed in the commercial rules.

ModSecurity in Dedicated Hosting

ModSecurity comes with all dedicated servers that are set up with our Hepsia Control Panel and you won't have to do anything specific on your end to employ it because it's switched on by default each time you include a new domain or subdomain on your hosting server. In case it disrupts any of your programs, you'll be able to stop it via the respective section of Hepsia, or you could leave it operating in passive mode, so it'll detect attacks and shall still maintain a log for them, but will not stop them. You may analyze the logs later to find out what you can do to improve the security of your sites as you will find information such as where an intrusion attempt came from, what website was attacked and based on what rule ModSecurity reacted, and so on. The rules we use are commercial, hence they are regularly updated by a security provider, but to be on the safe side, our staff also add custom rules once in a while in order to deal with any new threats they have found.