ModSecurity in Cloud Web Hosting
We provide ModSecurity with all cloud web hosting solutions, so your web apps will be shielded from harmful attacks. The firewall is turned on by default for all domains and subdomains, but in case you would like, you'll be able to stop it via the respective part of your Hepsia CP. You can also switch on a detection mode, so ModSecurity shall keep a log as intended, but will not take any action. The logs which you'll discover inside Hepsia are extremely detailed and offer info about the nature of any attack, when it transpired and from what IP address, the firewall rule which was triggered, etc. We use a group of commercial rules which are frequently updated, but sometimes our administrators add custom rules as well so as to efficiently protect the sites hosted on our servers.
ModSecurity in Semi-dedicated Hosting
Any web program that you install inside your new semi-dedicated hosting account shall be protected by ModSecurity because the firewall comes with all our hosting plans and is activated by default for any domain and subdomain you include or create using your Hepsia hosting CP. You will be able to manage ModSecurity via a dedicated area within Hepsia where not simply can you activate or deactivate it fully, but you may also enable a passive mode, so the firewall won't block anything, but it will still maintain an archive of possible attacks. This normally requires just a mouse click and you'll be able to view the logs regardless if ModSecurity is in passive or active mode through the same section - what the attack was and where it came from, how it was dealt with, and so on. The firewall employs 2 sets of rules on our machines - a commercial one that we get from a third-party web security firm and a custom one which our admins update manually as to respond to recently discovered risks immediately.
ModSecurity in VPS Web Hosting
Security is extremely important to us, so we install ModSecurity on all virtual private servers which are provided with the Hepsia Control Panel by default. The firewall could be managed through a dedicated section in Hepsia and is turned on automatically when you include a new domain or generate a subdomain, so you'll not need to do anything by hand. You'll also be able to disable it or activate the so-called detection mode, so it'll maintain a log of possible attacks you can later study, but won't prevent them. The logs in both passive and active modes offer details regarding the form of the attack and how it was eliminated, what IP it came from and other important data which may help you to tighten the security of your Internet sites by updating them or blocking IPs, for instance. In addition to the commercial rules that we get for ModSecurity from a third-party security enterprise, we also employ our own rules since occasionally we discover specific attacks which aren't yet present inside the commercial pack. This way, we can easily enhance the protection of your Virtual private server in a timely manner instead of awaiting an official update.
ModSecurity in Dedicated Servers Hosting
ModSecurity is offered by default with all dedicated servers which are set up with the Hepsia CP and is set to “Active” automatically for any domain which you host or subdomain that you create on the hosting server. In case that a web application does not operate correctly, you may either switch off the firewall or set it to work in passive mode. The latter means that ModSecurity shall keep a log of any possible attack that may take place, but won't take any action to stop it. The logs created in passive or active mode shall provide you with additional details about the exact file which was attacked, the nature of the attack and the IP it originated from, etc. This information will permit you to determine what steps you can take to increase the protection of your websites, for instance blocking IPs or performing script and plugin updates. The ModSecurity rules which we use are updated frequently with a commercial bundle from a third-party security provider we work with, but oftentimes our administrators add their own rules as well in the event that they find a new potential threat.