ModSecurity is a potent web application layer firewall for Apache web servers. It monitors the entire HTTP traffic to a site without affecting its operation and when it identifies an intrusion attempt, it blocks it. The firewall additionally keeps a more detailed log for the traffic than any server does, so you shall manage to keep an eye on what is happening with your websites a lot better than if you rely merely on standard logs. ModSecurity works with security rules based on which it prevents attacks. For example, it detects whether somebody is attempting to log in to the administrator area of a given script several times or if a request is sent to execute a file with a particular command. In these situations these attempts trigger the corresponding rules and the firewall program hinders the attempts right away, after that records in-depth information about them in its logs. ModSecurity is one of the very best software firewalls available and it can easily protect your web applications against a large number of threats and vulnerabilities, particularly in case you don’t update them or their plugins often.

ModSecurity in Cloud Web Hosting

We provide ModSecurity with all cloud web hosting solutions, so your web apps will be shielded from harmful attacks. The firewall is turned on by default for all domains and subdomains, but in case you would like, you'll be able to stop it via the respective part of your Hepsia CP. You can also switch on a detection mode, so ModSecurity shall keep a log as intended, but will not take any action. The logs which you'll discover inside Hepsia are extremely detailed and offer info about the nature of any attack, when it transpired and from what IP address, the firewall rule which was triggered, etc. We use a group of commercial rules which are frequently updated, but sometimes our administrators add custom rules as well so as to efficiently protect the sites hosted on our servers.

ModSecurity in Semi-dedicated Hosting

Any web program that you install inside your new semi-dedicated hosting account shall be protected by ModSecurity because the firewall comes with all our hosting plans and is activated by default for any domain and subdomain you include or create using your Hepsia hosting CP. You will be able to manage ModSecurity via a dedicated area within Hepsia where not simply can you activate or deactivate it fully, but you may also enable a passive mode, so the firewall won't block anything, but it will still maintain an archive of possible attacks. This normally requires just a mouse click and you'll be able to view the logs regardless if ModSecurity is in passive or active mode through the same section - what the attack was and where it came from, how it was dealt with, and so on. The firewall employs 2 sets of rules on our machines - a commercial one that we get from a third-party web security firm and a custom one which our admins update manually as to respond to recently discovered risks immediately.

ModSecurity in VPS Web Hosting

Security is extremely important to us, so we install ModSecurity on all virtual private servers which are provided with the Hepsia Control Panel by default. The firewall could be managed through a dedicated section in Hepsia and is turned on automatically when you include a new domain or generate a subdomain, so you'll not need to do anything by hand. You'll also be able to disable it or activate the so-called detection mode, so it'll maintain a log of possible attacks you can later study, but won't prevent them. The logs in both passive and active modes offer details regarding the form of the attack and how it was eliminated, what IP it came from and other important data which may help you to tighten the security of your Internet sites by updating them or blocking IPs, for instance. In addition to the commercial rules that we get for ModSecurity from a third-party security enterprise, we also employ our own rules since occasionally we discover specific attacks which aren't yet present inside the commercial pack. This way, we can easily enhance the protection of your Virtual private server in a timely manner instead of awaiting an official update.

ModSecurity in Dedicated Servers Hosting

ModSecurity is offered by default with all dedicated servers which are set up with the Hepsia CP and is set to “Active” automatically for any domain which you host or subdomain that you create on the hosting server. In case that a web application does not operate correctly, you may either switch off the firewall or set it to work in passive mode. The latter means that ModSecurity shall keep a log of any possible attack that may take place, but won't take any action to stop it. The logs created in passive or active mode shall provide you with additional details about the exact file which was attacked, the nature of the attack and the IP it originated from, etc. This information will permit you to determine what steps you can take to increase the protection of your websites, for instance blocking IPs or performing script and plugin updates. The ModSecurity rules which we use are updated frequently with a commercial bundle from a third-party security provider we work with, but oftentimes our administrators add their own rules as well in the event that they find a new potential threat.