ModSecurity is a highly effective web application layer firewall for Apache web servers. It monitors the whole HTTP traffic to an Internet site without affecting its overall performance and if it discovers an intrusion attempt, it prevents it. The firewall also keeps a more comprehensive log for the traffic than any web server does, so you shall be able to keep an eye on what is going on with your websites better than if you rely merely on standard logs. ModSecurity employs security rules based on which it helps prevent attacks. For instance, it recognizes if somebody is attempting to log in to the admin area of a specific script a number of times or if a request is sent to execute a file with a particular command. In such instances these attempts set off the corresponding rules and the firewall program blocks the attempts immediately, then records in-depth info about them in its logs. ModSecurity is amongst the very best software firewalls available and it can easily protect your web applications against a huge number of threats and vulnerabilities, particularly in case you don’t update them or their plugins regularly.

ModSecurity in Shared Website Hosting

We provide ModSecurity with all shared website hosting packages, so your web apps will be resistant to destructive attacks. The firewall is switched on as standard for all domains and subdomains, but in case you would like, you shall be able to stop it via the respective part of your Hepsia Control Panel. You'll be able to also switch on a detection mode, so ModSecurity shall keep a log as intended, but will not take any action. The logs which you'll discover in Hepsia are very detailed and offer info about the nature of any attack, when it occurred and from what IP, the firewall rule that was triggered, and so on. We employ a set of commercial rules which are constantly updated, but sometimes our administrators include custom rules as well in order to efficiently protect the websites hosted on our machines.

ModSecurity in Semi-dedicated Hosting

We have integrated ModSecurity by default in all semi-dedicated hosting products, so your web applications will be protected the instant you set them up under any domain or subdomain. The Hepsia Control Panel which is included with the semi-dedicated accounts will permit you to activate or turn off the firewall for any site with a click. You shall also be able to switch on a passive detection mode in which ModSecurity shall maintain a log of potential attacks without really stopping them. The comprehensive logs include things like the nature of the attack and what ModSecurity response this attack generated, where it came from, and so on. The list of rules we use is constantly updated as to match any new threats that may appear on the Internet and it includes both commercial rules that we get from a security business and custom-written ones which our admins include if they discover a threat that's not present in the commercial list yet.

ModSecurity in VPS Web Hosting

Security is extremely important to us, so we install ModSecurity on all virtual private servers which are set up with the Hepsia Control Panel by default. The firewall could be managed through a dedicated section within Hepsia and is switched on automatically when you add a new domain or create a subdomain, so you'll not need to do anything personally. You'll also be able to deactivate it or switch on the so-called detection mode, so it will maintain a log of possible attacks you can later analyze, but will not block them. The logs in both passive and active modes include information about the form of the attack and how it was eliminated, what IP it originated from and other valuable data which could help you to tighten the security of your websites by updating them or blocking IPs, for instance. In addition to the commercial rules we get for ModSecurity from a third-party security firm, we also use our own rules because every now and then we discover specific attacks that aren't yet present in the commercial group. That way, we can enhance the protection of your VPS in a timely manner instead of awaiting a certified update.

ModSecurity in Dedicated Servers Hosting

ModSecurity is offered by default with all dedicated servers that are set up with the Hepsia CP and is set to “Active” automatically for any domain you host or subdomain that you create on the server. In case that a web app does not function adequately, you could either turn off the firewall or set it to work in passive mode. The latter means that ModSecurity shall keep a log of any possible attack that may occur, but shall not take any action to stop it. The logs created in active or passive mode shall offer you additional details about the exact file which was attacked, the type of the attack and the IP address it came from, and so forth. This data will allow you to decide what actions you can take to improve the protection of your websites, for instance blocking IPs or carrying out script and plugin updates. The ModSecurity rules which we employ are updated regularly with a commercial pack from a third-party security provider we work with, but occasionally our staff add their own rules too in the event that they come across a new potential threat.