ModSecurity is a potent web application layer firewall for Apache web servers. It monitors the whole HTTP traffic to an Internet site without affecting its operation and when it discovers an intrusion attempt, it prevents it. The firewall additionally maintains a more comprehensive log for the traffic than any server does, so you shall be able to keep an eye on what's happening with your Internet sites a lot better than if you rely simply on standard logs. ModSecurity uses security rules based on which it helps prevent attacks. For example, it recognizes if somebody is trying to log in to the administrator area of a certain script several times or if a request is sent to execute a file with a specific command. In such circumstances these attempts set off the corresponding rules and the firewall software hinders the attempts in real time, and then records comprehensive info about them inside its logs. ModSecurity is one of the very best software firewalls on the market and it could easily protect your web applications against thousands of threats and vulnerabilities, particularly if you don’t update them or their plugins regularly.

ModSecurity in Cloud Website Hosting

ModSecurity is provided with all cloud website hosting web servers, so if you decide to host your Internet sites with our business, they shall be protected against a wide array of attacks. The firewall is enabled by default for all domains and subdomains, so there will be nothing you shall need to do on your end. You'll be able to stop ModSecurity for any Internet site if needed, or to switch on a detection mode, so all activity will be recorded, but the firewall will not take any real action. You'll be able to view detailed logs via your Hepsia CP including the IP where the attack originated from, what the attacker planned to do and how ModSecurity handled the threat. As we take the protection of our customers' Internet sites seriously, we use a group of commercial rules that we take from one of the top companies that maintain this sort of rules. Our administrators also include custom rules to make sure that your sites will be protected against as many risks as possible.

ModSecurity in Semi-dedicated Hosting

All semi-dedicated hosting solutions which we offer come with ModSecurity and since the firewall is enabled by default, any website that you set up under a domain or a subdomain will be protected straight away. An individual section inside the Hepsia Control Panel that comes with the semi-dedicated accounts is dedicated to ModSecurity and it shall permit you to stop and start the firewall for any website or enable a detection mode. With the latter, ModSecurity won't take any action, but it shall still detect possible attacks and shall keep all data within a log as if it were 100% active. The logs can be found within the very same section of the Control Panel and they offer information regarding the IP where an attack came from, what its nature was, what rule ModSecurity applies to detect and stop it, and so forth. The security rules we employ on our servers are a mix of commercial ones from a security firm and custom ones developed by our system admins. Consequently, we offer greater security for your web apps as we can shield them from attacks even before security companies release updates for brand new threats.

ModSecurity in VPS

Safety is very important to us, so we set up ModSecurity on all virtual private servers that are set up with the Hepsia CP as a standard. The firewall could be managed through a dedicated section in Hepsia and is switched on automatically when you add a new domain or create a subdomain, so you will not have to do anything by hand. You shall also be able to deactivate it or activate the so-called detection mode, so it'll keep a log of possible attacks you can later examine, but will not stop them. The logs in both passive and active modes offer info regarding the form of the attack and how it was stopped, what IP address it originated from and other important info that might help you to tighten the security of your Internet sites by updating them or blocking IPs, for example. On top of the commercial rules that we get for ModSecurity from a third-party security firm, we also employ our own rules as every now and then we identify specific attacks that aren't yet present inside the commercial pack. This way, we can enhance the security of your Virtual private server instantly as opposed to awaiting a certified update.

ModSecurity in Dedicated Hosting

ModSecurity comes with all dedicated servers which are set up with our Hepsia Control Panel and you won't need to do anything specific on your end to use it because it's turned on by default each time you add a new domain or subdomain on your server. In case it interferes with any of your applications, you will be able to stop it through the respective section of Hepsia, or you can leave it working in passive mode, so it'll identify attacks and will still keep a log for them, but won't block them. You may analyze the logs later to learn what you can do to improve the security of your websites since you shall find information such as where an intrusion attempt came from, what website was attacked and based upon what rule ModSecurity responded, and so on. The rules we use are commercial, hence they're constantly updated by a security company, but to be on the safe side, our staff also add custom rules occasionally in order to deal with any new threats they have discovered.