ModSecurity is a highly effective firewall for Apache web servers which is used to prevent attacks towards web apps. It monitors the HTTP traffic to a given website in real time and prevents any intrusion attempts the moment it detects them. The firewall relies on a set of rules to accomplish that - as an illustration, attempting to log in to a script administration area unsuccessfully a few times triggers one rule, sending a request to execute a certain file that could result in getting access to the site triggers another rule, etc. ModSecurity is one of the best firewalls out there and it will secure even scripts that aren't updated often as it can prevent attackers from employing known exploits and security holes. Incredibly thorough information about each and every intrusion attempt is recorded and the logs the firewall keeps are a lot more specific than the standard logs created by the Apache server, so you could later take a look at them and decide whether you need to take extra measures in order to increase the protection of your script-driven sites.

ModSecurity in Cloud Website Hosting

ModSecurity comes standard with all cloud website hosting plans which we provide and it'll be activated automatically for any domain or subdomain you add/create inside your Hepsia hosting Control Panel. The firewall has three different modes, so you'll be able to switch on and deactivate it with simply a click or set it to detection mode, so it shall keep a log of all attacks, but it'll not do anything to prevent them. The log for any of your Internet sites shall feature detailed info which includes the nature of the attack, where it originated from, what action was taken by ModSecurity, and so forth. The firewall rules we use are frequently updated and comprise of both commercial ones that we get from a third-party security business and custom ones which our system administrators add in the event that they detect a new sort of attacks. This way, the Internet sites you host here will be way more secure with no action expected on your end.

ModSecurity in Semi-dedicated Servers

All semi-dedicated server plans which we offer come with ModSecurity and because the firewall is enabled by default, any website you set up under a domain or a subdomain will be secured straight away. An independent section inside the Hepsia Control Panel that comes with the semi-dedicated accounts is devoted to ModSecurity and it'll permit you to stop and start the firewall for any site or switch on a detection mode. With the last option, ModSecurity won't take any action, but it will still recognize possible attacks and shall keep all information in a log as if it were completely active. The logs can be found inside the very same section of the Control Panel and they include specifics about the IP where an attack came from, what its nature was, what rule ModSecurity applies to identify and stop it, and so on. The security rules that we employ on our web servers are a mix between commercial ones from a security business and custom ones created by our system admins. Consequently, we provide higher security for your web programs as we can shield them from attacks even before security companies release updates for new threats.

ModSecurity in VPS Servers

Protection is vital to us, so we set up ModSecurity on all VPS servers which are made available with the Hepsia Control Panel as a standard. The firewall could be managed via a dedicated section in Hepsia and is switched on automatically when you add a new domain or generate a subdomain, so you'll not have to do anything personally. You will also be able to disable it or activate the so-called detection mode, so it shall maintain a log of possible attacks which you can later analyze, but shall not prevent them. The logs in both passive and active modes contain information about the type of the attack and how it was eliminated, what IP address it came from and other useful data which could help you to tighten the security of your sites by updating them or blocking IPs, for instance. Besides the commercial rules we get for ModSecurity from a third-party security firm, we also employ our own rules since every now and then we detect specific attacks which are not yet present within the commercial group. That way, we can easily increase the protection of your Virtual private server right away rather than awaiting an official update.

ModSecurity in Dedicated Servers

All of our dedicated servers which are installed with the Hepsia hosting Control Panel come with ModSecurity, so any app that you upload or set up will be protected from the very beginning and you won't need to bother about common attacks or vulnerabilities. An individual section inside Hepsia will enable you to start or stop the firewall for each and every domain or subdomain, or activate a detection mode so that it records information regarding intrusions, but doesn't take actions to stop them. What you will find in the logs can easily help you to secure your sites better - the IP an attack came from, what website was attacked and exactly how, what ModSecurity rule was triggered, and so forth. With this information, you'll be able to see if a website needs an update, whether you ought to block IPs from accessing your hosting server, and so forth. In addition to the third-party commercial security rules for ModSecurity we use, our administrators include custom ones too if they come across a new threat that is not yet in the commercial bundle.