ModSecurity is a highly effective web app layer firewall for Apache web servers. It monitors the whole HTTP traffic to a website without affecting its overall performance and when it identifies an intrusion attempt, it prevents it. The firewall additionally maintains a more detailed log for the site visitors than any server does, so you will manage to keep an eye on what is going on with your websites a lot better than if you rely only on conventional logs. ModSecurity works with security rules based on which it helps prevent attacks. For example, it recognizes if someone is trying to log in to the administrator area of a particular script a number of times or if a request is sent to execute a file with a specific command. In such cases these attempts trigger the corresponding rules and the firewall software hinders the attempts right away, and then records detailed information about them within its logs. ModSecurity is amongst the most effective software firewalls on the market and it can easily protect your web apps against a large number of threats and vulnerabilities, especially if you don’t update them or their plugins often.

ModSecurity in Website Hosting

ModSecurity can be found with each and every website hosting solution that we offer and it's turned on by default for any domain or subdomain that you include through your Hepsia Control Panel. In the event that it interferes with any of your apps or you'd like to disable it for some reason, you shall be able to do that through the ModSecurity area of Hepsia with merely a mouse click. You could also use a passive mode, so the firewall will recognize possible attacks and maintain a log, but shall not take any action. You could view detailed logs in the same section, including the IP address where the attack originated from, what exactly the attacker aimed to do and at what time, what ModSecurity did, etcetera. For max safety of our customers we use a collection of commercial firewall rules blended with custom ones that are provided by our system administrators.

ModSecurity in Semi-dedicated Hosting

All semi-dedicated hosting packages which we offer include ModSecurity and given that the firewall is switched on by default, any site that you create under a domain or a subdomain shall be protected straight away. An independent section within the Hepsia Control Panel that comes with the semi-dedicated accounts is dedicated to ModSecurity and it will allow you to stop and start the firewall for any site or enable a detection mode. With the latter, ModSecurity won't take any action, but it will still identify possible attacks and shall keep all info within a log as if it were 100% active. The logs can be found in the very same section of the Control Panel and they offer information regarding the IP where an attack came from, what its nature was, what rule ModSecurity applies to detect and stop it, and so on. The security rules which we use on our servers are a mix of commercial ones from a security company and custom ones developed by our system administrators. Therefore, we provide increased security for your web programs as we can shield them from attacks even before security corporations release updates for new threats.

ModSecurity in VPS

Protection is extremely important to us, so we set up ModSecurity on all virtual private servers which are made available with the Hepsia Control Panel as a standard. The firewall can be managed via a dedicated section inside Hepsia and is turned on automatically when you add a new domain or create a subdomain, so you will not have to do anything personally. You will also be able to disable it or turn on the so-called detection mode, so it shall maintain a log of potential attacks that you can later analyze, but shall not prevent them. The logs in both passive and active modes offer info about the form of the attack and how it was prevented, what IP it originated from and other important info which might help you to tighten the security of your sites by updating them or blocking IPs, as an example. In addition to the commercial rules we get for ModSecurity from a third-party security company, we also use our own rules since from time to time we discover specific attacks that aren't yet present inside the commercial pack. That way, we could boost the security of your Virtual private server promptly instead of waiting for a certified update.

ModSecurity in Dedicated Hosting

When you choose to host your sites on a dedicated server with the Hepsia CP, your web applications shall be protected right from the start as ModSecurity is available with all Hepsia-based plans. You'll be able to regulate the firewall with ease and if required, you will be able to turn it off or activate its passive mode when it'll only keep a log of what is taking place without taking any action to stop potential attacks. The logs that you will find in the very same section of the CP are extremely detailed and include info about the attacker IP address, what website and file were attacked and in what ways, what rule the firewall used to stop the intrusion, and so forth. This data will permit you to take measures and increase the security of your Internet sites even more. To be on the safe side, we use not only commercial rules, but also custom-made ones which our administrators add whenever they recognize attacks which haven't yet been included in the commercial pack.