ModSecurity is a highly effective firewall for Apache web servers that's used to stop attacks toward web applications. It tracks the HTTP traffic to a given site in real time and blocks any intrusion attempts the instant it identifies them. The firewall relies on a set of rules to accomplish that - for example, trying to log in to a script administration area unsuccessfully several times triggers one rule, sending a request to execute a specific file that may result in accessing the site triggers a different rule, and so on. ModSecurity is amongst the best firewalls around and it will preserve even scripts which aren't updated often because it can prevent attackers from employing known exploits and security holes. Incredibly thorough information about every intrusion attempt is recorded and the logs the firewall maintains are a lot more comprehensive than the standard logs generated by the Apache server, so you could later examine them and decide whether you need to take more measures in order to enhance the security of your script-driven websites.

ModSecurity in Shared Website Hosting

We offer ModSecurity with all shared website hosting packages, so your Internet apps will be protected against destructive attacks. The firewall is turned on by default for all domains and subdomains, but if you would like, you will be able to stop it through the respective area of your Hepsia CP. You could also switch on a detection mode, so ModSecurity shall keep a log as intended, but won't take any action. The logs that you'll discover within Hepsia are extremely detailed and feature info about the nature of any attack, when it occurred and from what IP address, the firewall rule that was triggered, etc. We employ a group of commercial rules that are often updated, but sometimes our administrators include custom rules as well in order to better protect the Internet sites hosted on our machines.

ModSecurity in Semi-dedicated Hosting

ModSecurity is a part of our semi-dedicated hosting solutions and if you decide to host your websites with our company, there shall not be anything special you will have to do as the firewall is turned on by default for all domains and subdomains you include using your hosting CP. If required, you can disable ModSecurity for a particular website or enable the so-called detection mode in which case the firewall will still work and record data, but shall not do anything to stop potential attacks on your sites. Detailed logs will be accessible in your Control Panel and you will be able to see what type of attacks took place, what security rules were triggered and how the firewall dealt with the threats, what IP addresses the attacks originated from, etcetera. We use 2 types of rules on our servers - commercial ones from a firm which operates in the field of web security, and custom made ones that our administrators occasionally include to respond to newly found threats promptly.

ModSecurity in VPS Hosting

ModSecurity is provided with all Hepsia-based virtual private servers we offer and it'll be turned on automatically for every new domain or subdomain which you include on the server. This way, any web app that you install will be protected from the very beginning without doing anything personally on your end. The firewall could be managed through the section of the Control Panel that has the same name. This is the place in whichyou can switch off ModSecurity or let its passive mode, so it won't take any action towards threats, but shall still keep a detailed log. The recorded information is available inside the same section as well and you'll be able to see what IPs any attacks came from so that you can stop them, what the nature of the attempted attacks was and in accordance with what security rules ModSecurity reacted. The rules that we use on our servers are a blend between commercial ones we obtain from a security firm and custom ones which are included by our admins to enhance the security of any web applications hosted on our end.

ModSecurity in Dedicated Web Hosting

ModSecurity is offered as standard with all dedicated servers that are set up with the Hepsia CP and is set to “Active” automatically for any domain which you host or subdomain which you create on the web server. Just in case that a web app does not operate adequately, you may either disable the firewall or set it to operate in passive mode. The latter means that ModSecurity will keep a log of any possible attack that may happen, but shall not take any action to stop it. The logs produced in active or passive mode shall provide you with more details about the exact file which was attacked, the form of the attack and the IP it originated from, and so forth. This information will allow you to choose what steps you can take to enhance the security of your Internet sites, including blocking IPs or performing script and plugin updates. The ModSecurity rules which we use are updated constantly with a commercial pack from a third-party security firm we work with, but from time to time our staff include their own rules as well when they identify a new potential threat.