ModSecurity is a powerful web app layer firewall for Apache web servers. It monitors the entire HTTP traffic to a site without affecting its functionality and if it detects an intrusion attempt, it prevents it. The firewall also keeps a more detailed log for the site visitors than any server does, so you will be able to keep an eye on what is happening with your Internet sites much better than if you rely simply on conventional logs. ModSecurity works with security rules based on which it prevents attacks. For instance, it identifies whether anyone is trying to log in to the administrator area of a given script multiple times or if a request is sent to execute a file with a specific command. In these situations these attempts set off the corresponding rules and the firewall program blocks the attempts instantly, and then records in-depth info about them within its logs. ModSecurity is one of the best software firewalls available and it can easily protect your web apps against a large number of threats and vulnerabilities, particularly if you don’t update them or their plugins regularly.

ModSecurity in Cloud Hosting

We offer ModSecurity with all cloud hosting packages, so your web applications shall be protected against malicious attacks. The firewall is turned on as standard for all domains and subdomains, but in case you'd like, you will be able to stop it using the respective section of your Hepsia Control Panel. You could also activate a detection mode, so ModSecurity will keep a log as intended, but will not take any action. The logs that you'll find within Hepsia are quite detailed and feature information about the nature of any attack, when it took place and from what IP address, the firewall rule that was triggered, and so on. We use a group of commercial rules that are frequently updated, but sometimes our administrators add custom rules as well so as to efficiently protect the Internet sites hosted on our servers.

ModSecurity in Semi-dedicated Hosting

Any web program you install inside your new semi-dedicated hosting account will be protected by ModSecurity as the firewall is included with all our hosting packages and is activated by default for any domain and subdomain which you include or create using your Hepsia hosting Control Panel. You shall be able to manage ModSecurity via a dedicated section in Hepsia where not simply can you activate or deactivate it completely, but you can also switch on a passive mode, so the firewall will not block anything, but it shall still keep a record of potential attacks. This normally requires only a mouse click and you will be able to look at the logs no matter if ModSecurity is in active or passive mode through the same section - what the attack was and where it came from, how it was taken care of, etcetera. The firewall uses 2 sets of rules on our web servers - a commercial one which we get from a third-party web security company and a custom one which our admins update manually as to respond to recently discovered threats as fast as possible.

ModSecurity in VPS Web Hosting

ModSecurity is pre-installed on all virtual private servers which are provided with the Hepsia hosting Control Panel, so your web programs shall be protected from the second your server is ready. The firewall is activated by default for any domain or subdomain on the VPS, but if needed, you'll be able to deactivate it with a click of your mouse from the corresponding section of Hepsia. You can also set it to operate in detection mode, so it'll maintain a detailed log of any potential attacks without taking any action to prevent them. The logs are available within the exact same section and provide details about the nature of the attack, what IP address it came from and what ModSecurity rule was initiated to stop it. For maximum security, we employ not simply commercial rules from a firm operating in the field of web security, but also custom ones our admins include personally so as to react to new risks that are still not tackled in the commercial rules.

ModSecurity in Dedicated Servers Hosting

ModSecurity is provided as standard with all dedicated servers which are set up with the Hepsia CP and is set to “Active” automatically for any domain you host or subdomain which you create on the server. In case that a web application doesn't work adequately, you could either switch off the firewall or set it to operate in passive mode. The second means that ModSecurity will keep a log of any possible attack which may happen, but will not take any action to prevent it. The logs created in active or passive mode shall provide you with additional details about the exact file that was attacked, the nature of the attack and the IP address it originated from, etcetera. This info will allow you to choose what measures you can take to boost the protection of your sites, such as blocking IPs or performing script and plugin updates. The ModSecurity rules that we employ are updated constantly with a commercial bundle from a third-party security provider we work with, but oftentimes our staff include their own rules as well in case they find a new potential threat.