ModSecurity is a highly effective web app layer firewall for Apache web servers. It monitors the whole HTTP traffic to a website without affecting its operation and when it detects an intrusion attempt, it blocks it. The firewall additionally keeps a more comprehensive log for the site visitors than any server does, so you shall manage to keep track of what's going on with your sites much better than if you rely simply on standard logs. ModSecurity works with security rules based on which it helps prevent attacks. For example, it recognizes if anyone is attempting to log in to the administration area of a particular script multiple times or if a request is sent to execute a file with a certain command. In these situations these attempts set off the corresponding rules and the software blocks the attempts right away, and then records comprehensive information about them within its logs. ModSecurity is among the most effective software firewalls on the market and it could easily protect your web applications against thousands of threats and vulnerabilities, especially if you don’t update them or their plugins often.

ModSecurity in Cloud Hosting

We offer ModSecurity with all cloud hosting packages, so your web apps will be resistant to harmful attacks. The firewall is turned on by default for all domains and subdomains, but if you'd like, you shall be able to stop it through the respective area of your Hepsia Control Panel. You could also activate a detection mode, so ModSecurity will keep a log as intended, but won't take any action. The logs that you shall find within Hepsia are incredibly detailed and feature information about the nature of any attack, when it took place and from what IP address, the firewall rule that was triggered, etc. We use a set of commercial rules which are frequently updated, but sometimes our admins add custom rules as well so as to efficiently protect the sites hosted on our machines.

ModSecurity in Semi-dedicated Hosting

Any web program you set up in your new semi-dedicated hosting account will be protected by ModSecurity since the firewall is provided with all our hosting packages and is activated by default for any domain and subdomain which you include or create via your Hepsia hosting Control Panel. You'll be able to manage ModSecurity through a dedicated area in Hepsia where not simply could you activate or deactivate it completely, but you could also switch on a passive mode, so the firewall shall not stop anything, but it shall still keep a record of potential attacks. This takes only a mouse click and you'll be able to see the logs regardless of if ModSecurity is in passive or active mode through the same section - what the attack was and where it came from, how it was dealt with, etcetera. The firewall employs two sets of rules on our servers - a commercial one which we get from a third-party web security firm and a custom one which our admins update personally as to respond to recently discovered risks at the earliest opportunity.

ModSecurity in VPS Hosting

ModSecurity is pre-installed on all virtual private servers that are offered with the Hepsia hosting Control Panel, so your web programs shall be secured from the moment your server is in a position. The firewall is turned on by default for any domain or subdomain on the VPS, but if required, you'll be able to deactivate it with a mouse click through the corresponding section of Hepsia. You could also set it to work in detection mode, so it shall keep an extensive log of any possible attacks without taking any action to prevent them. The logs are available in the exact same section and include info about the nature of the attack, what IP address it originated from and what ModSecurity rule was activated to stop it. For maximum security, we employ not only commercial rules from a company operating in the field of web security, but also custom ones that our admins add manually in order to respond to new threats which are still not dealt with in the commercial rules.

ModSecurity in Dedicated Web Hosting

ModSecurity is available by default with all dedicated servers that are set up with the Hepsia CP and is set to “Active” automatically for any domain that you host or subdomain you create on the web server. In the event that a web app does not function properly, you can either turn off the firewall or set it to function in passive mode. The second means that ModSecurity will maintain a log of any potential attack which could take place, but shall not take any action to stop it. The logs generated in passive or active mode shall offer you more details about the exact file that was attacked, the nature of the attack and the IP address it originated from, etcetera. This info shall allow you to choose what steps you can take to improve the safety of your websites, for instance blocking IPs or carrying out script and plugin updates. The ModSecurity rules that we use are updated regularly with a commercial package from a third-party security firm we work with, but sometimes our administrators include their own rules as well in case they identify a new potential threat.