ModSecurity is a highly effective web app layer firewall for Apache web servers. It monitors the whole HTTP traffic to an Internet site without affecting its functionality and if it discovers an intrusion attempt, it prevents it. The firewall furthermore maintains a more comprehensive log for the site visitors than any web server does, so you will be able to keep an eye on what's happening with your sites much better than if you rely merely on standard logs. ModSecurity employs security rules based on which it stops attacks. For example, it identifies if somebody is trying to log in to the admin area of a given script multiple times or if a request is sent to execute a file with a certain command. In these instances these attempts trigger the corresponding rules and the firewall program blocks the attempts right away, and then records comprehensive details about them in its logs. ModSecurity is one of the most effective software firewalls out there and it can easily protect your web applications against a huge number of threats and vulnerabilities, particularly in case you don’t update them or their plugins frequently.

ModSecurity in Shared Hosting

We provide ModSecurity with all shared hosting plans, so your Internet applications will be protected against destructive attacks. The firewall is switched on as standard for all domains and subdomains, but in case you would like, you shall be able to stop it using the respective section of your Hepsia Control Panel. You could also switch on a detection mode, so ModSecurity shall keep a log as intended, but shall not take any action. The logs which you'll find within Hepsia are quite detailed and include data about the nature of any attack, when it occurred and from what IP, the firewall rule that was triggered, etc. We use a set of commercial rules which are constantly updated, but sometimes our admins add custom rules as well in order to efficiently protect the websites hosted on our servers.

ModSecurity in Semi-dedicated Hosting

All semi-dedicated hosting solutions that we offer come with ModSecurity and because the firewall is enabled by default, any Internet site which you create under a domain or a subdomain shall be protected immediately. A separate section in the Hepsia Control Panel that comes with the semi-dedicated accounts is dedicated to ModSecurity and it will enable you to start and stop the firewall for any site or enable a detection mode. With the latter, ModSecurity won't take any action, but it shall still identify possible attacks and shall keep all info within a log as if it were completely active. The logs can be found in the exact same section of the Control Panel and they include specifics about the IP where an attack originated from, what its nature was, what rule ModSecurity applies to detect and stop it, etc. The security rules that we employ on our machines are a mix of commercial ones from a security business and custom ones developed by our system admins. For that reason, we offer greater security for your web apps as we can shield them from attacks even before security corporations release updates for brand new threats.

ModSecurity in VPS Hosting

ModSecurity is pre-installed on all virtual private servers that are offered with the Hepsia hosting Control Panel, so your web apps will be protected from the instant your server is in a position. The firewall is turned on by default for any domain or subdomain on the Virtual Private Server, but if needed, you'll be able to deactivate it with a click through the corresponding section of Hepsia. You may also set it to operate in detection mode, so it will keep a comprehensive log of any possible attacks without taking any action to prevent them. The logs are available inside the same section and offer info about the nature of the attack, what IP address it came from and what ModSecurity rule was triggered to stop it. For maximum security, we use not only commercial rules from a company operating in the field of web security, but also custom ones which our admins include manually so as to respond to new risks which are still not dealt with in the commercial rules.

ModSecurity in Dedicated Web Hosting

ModSecurity is provided with all dedicated servers which are set up with our Hepsia Control Panel and you won't have to do anything specific on your end to use it as it is enabled by default each time you include a new domain or subdomain on your server. In the event that it disrupts some of your applications, you shall be able to stop it via the respective part of Hepsia, or you may leave it in passive mode, so it'll recognize attacks and shall still maintain a log for them, but shall not stop them. You'll be able to analyze the logs later to determine what you can do to enhance the security of your Internet sites as you will find information such as where an intrusion attempt originated from, what website was attacked and in accordance with what rule ModSecurity responded, and so forth. The rules which we use are commercial, therefore they're frequently updated by a security provider, but to be on the safe side, our admins also include custom rules occasionally as to deal with any new threats they have discovered.