ModSecurity is a powerful web app layer firewall for Apache web servers. It monitors the whole HTTP traffic to a site without affecting its overall performance and if it detects an intrusion attempt, it prevents it. The firewall also maintains a more thorough log for the traffic than any web server does, so you will be able to keep an eye on what is going on with your websites better than if you rely only on conventional logs. ModSecurity works with security rules based on which it helps prevent attacks. For example, it identifies whether anyone is attempting to log in to the admin area of a specific script multiple times or if a request is sent to execute a file with a particular command. In such instances these attempts set off the corresponding rules and the firewall blocks the attempts instantly, after that records in-depth information about them within its logs. ModSecurity is one of the best software firewalls available and it could easily protect your web apps against a large number of threats and vulnerabilities, especially if you don’t update them or their plugins frequently.

ModSecurity in Shared Hosting

ModSecurity comes standard with all shared hosting solutions that we supply and it shall be turned on automatically for any domain or subdomain that you add/create in your Hepsia hosting Control Panel. The firewall has 3 different modes, so you'll be able to switch on and deactivate it with simply a mouse click or set it to detection mode, so it shall maintain a log of all attacks, but it shall not do anything to stop them. The log for each of your sites will contain in-depth info which includes the nature of the attack, where it originated from, what action was taken by ModSecurity, etc. The firewall rules we use are regularly updated and consist of both commercial ones which we get from a third-party security business and custom ones that our system administrators add in case that they detect a new sort of attacks. This way, the websites you host here will be far more protected with no action required on your end.

ModSecurity in Semi-dedicated Hosting

ModSecurity is part of our semi-dedicated hosting plans and if you opt to host your sites with us, there won't be anything special you'll need to do given that the firewall is activated by default for all domains and subdomains you include using your hosting CP. If necessary, you'll be able to disable ModSecurity for a particular website or switch on the so-called detection mode in which case the firewall shall still operate and record information, but won't do anything to prevent possible attacks on your websites. Comprehensive logs will be readily available within your Control Panel and you will be able to see what type of attacks took place, what security rules were triggered and how the firewall dealt with the threats, what Internet protocol addresses the attacks originated from, and so on. We employ two sorts of rules on our servers - commercial ones from a business which operates in the field of web security, and custom ones which our admins sometimes add to respond to newly discovered risks on time.

ModSecurity in VPS Hosting

ModSecurity comes with all Hepsia-based virtual private servers we offer and it will be turned on automatically for any new domain or subdomain you include on the machine. This way, any web app you install shall be protected immediately without doing anything manually on your end. The firewall may be managed from the section of the CP that has the same name. This is the location whereyou can turn off ModSecurity or let its passive mode, so it won't take any action towards threats, but shall still keep a thorough log. The recorded information is available in the same area as well and you will be able to see what IPs any attacks originated from so that you can block them, what the nature of the attempted attacks was and in accordance with what security rules ModSecurity reacted. The rules we use on our servers are a blend between commercial ones we get from a security organization and custom ones that are included by our admins to enhance the protection of any web applications hosted on our end.

ModSecurity in Dedicated Web Hosting

ModSecurity comes with all dedicated servers which are integrated with our Hepsia CP and you'll not have to do anything specific on your end to use it as it is turned on by default whenever you add a new domain or subdomain on your hosting server. In case it interferes with some of your programs, you will be able to stop it through the respective section of Hepsia, or you can leave it working in passive mode, so it will identify attacks and will still keep a log for them, but will not block them. You could look at the logs later to learn what you can do to enhance the security of your Internet sites since you will find information such as where an intrusion attempt came from, what Internet site was attacked and based upon what rule ModSecurity reacted, and so forth. The rules which we employ are commercial, thus they're regularly updated by a security firm, but to be on the safe side, our staff also include custom rules every now and then as to respond to any new threats they have found.