ModSecurity is a powerful web application layer firewall for Apache web servers. It monitors the entire HTTP traffic to a website without affecting its operation and when it discovers an intrusion attempt, it prevents it. The firewall furthermore keeps a more thorough log for the traffic than any web server does, so you will be able to keep an eye on what is going on with your sites much better than if you rely simply on standard logs. ModSecurity works with security rules based on which it helps prevent attacks. For instance, it identifies whether anyone is trying to log in to the administration area of a particular script multiple times or if a request is sent to execute a file with a particular command. In such circumstances these attempts trigger the corresponding rules and the firewall software blocks the attempts instantly, after that records in-depth info about them within its logs. ModSecurity is one of the very best software firewalls available and it could easily protect your web apps against thousands of threats and vulnerabilities, particularly in case you don’t update them or their plugins frequently.

ModSecurity in Cloud Website Hosting

ModSecurity comes by default with all cloud website hosting packages which we offer and it will be activated automatically for any domain or subdomain that you add/create inside your Hepsia hosting Control Panel. The firewall has 3 different modes, so you can activate and deactivate it with a click or set it to detection mode, so it shall maintain a log of all attacks, but it shall not do anything to prevent them. The log for any of your Internet sites will contain in-depth information such as the nature of the attack, where it originated from, what action was taken by ModSecurity, etc. The firewall rules which we use are constantly updated and include both commercial ones we get from a third-party security firm and custom ones which our system administrators add in case that they detect a new kind of attacks. That way, the sites you host here shall be far more secure without any action expected on your end.

ModSecurity in Semi-dedicated Hosting

ModSecurity is a part of our semi-dedicated hosting plans and if you decide to host your Internet sites with us, there shall not be anything special you'll need to do since the firewall is activated by default for all domains and subdomains that you add using your hosting Control Panel. If necessary, you'll be able to disable ModSecurity for a particular website or enable the so-called detection mode in which case the firewall will still work and record info, but shall not do anything to stop possible attacks against your Internet sites. Comprehensive logs shall be available in your Control Panel and you will be able to see what type of attacks happened, what security rules were triggered and how the firewall handled the threats, what IP addresses the attacks came from, etc. We use two kinds of rules on our servers - commercial ones from a firm which operates in the field of web security, and custom ones that our admins often include to respond to newly identified risks promptly.

ModSecurity in VPS Hosting

ModSecurity comes with all Hepsia-based virtual private servers that we offer and it shall be switched on automatically for any new domain or subdomain that you include on the machine. In this way, any web application you install shall be secured from the very beginning without doing anything by hand on your end. The firewall could be handled via the section of the Control Panel that bears the same name. This is the area in whichyou can switch off ModSecurity or activate its passive mode, so it won't take any action against threats, but shall still keep a comprehensive log. The recorded information is available inside the same section as well and you will be able to see what IPs any attacks originated from so that you can block them, what the nature of the attempted attacks was and in accordance with what security rules ModSecurity responded. The rules we use on our servers are a mix between commercial ones that we obtain from a security company and custom ones that are included by our administrators to optimize the security of any web apps hosted on our end.

ModSecurity in Dedicated Web Hosting

ModSecurity is included with all dedicated servers that are set up with our Hepsia CP and you won't need to do anything specific on your end to employ it as it's activated by default every time you include a new domain or subdomain on your hosting server. If it interferes with some of your applications, you'll be able to stop it via the respective part of Hepsia, or you could leave it in passive mode, so it shall identify attacks and shall still keep a log for them, but shall not prevent them. You can examine the logs later to learn what you can do to improve the security of your Internet sites as you shall find info such as where an intrusion attempt originated from, what site was attacked and based on what rule ModSecurity reacted, etc. The rules that we employ are commercial, thus they're regularly updated by a security provider, but to be on the safe side, our administrators also add custom rules every now and then in order to react to any new threats they have found.