ModSecurity is an effective firewall for Apache web servers which is used to stop attacks towards web applications. It monitors the HTTP traffic to a given website in real time and blocks any intrusion attempts the instant it identifies them. The firewall relies on a set of rules to do this - for instance, trying to log in to a script administrator area unsuccessfully many times triggers one rule, sending a request to execute a certain file that could result in getting access to the site triggers another rule, etcetera. ModSecurity is one of the best firewalls out there and it'll secure even scripts that are not updated regularly as it can prevent attackers from using known exploits and security holes. Quite detailed information about each and every intrusion attempt is recorded and the logs the firewall keeps are a lot more detailed than the conventional logs provided by the Apache server, so you could later take a look at them and decide whether you need to take extra measures in order to boost the protection of your script-driven websites.

ModSecurity in Shared Website Hosting

ModSecurity comes by default with all shared website hosting plans that we supply and it shall be switched on automatically for any domain or subdomain that you add/create inside your Hepsia hosting Control Panel. The firewall has 3 different modes, so you'll be able to switch on and deactivate it with just a mouse click or set it to detection mode, so it will keep a log of all attacks, but it shall not do anything to stop them. The log for each of your Internet sites shall include detailed information which includes the nature of the attack, where it originated from, what action was taken by ModSecurity, etc. The firewall rules which we use are frequently updated and consist of both commercial ones which we get from a third-party security business and custom ones which our system administrators include in case that they detect a new kind of attacks. In this way, the websites you host here shall be a lot more secure with no action required on your end.

ModSecurity in Semi-dedicated Hosting

Any web program which you set up inside your new semi-dedicated hosting account shall be protected by ModSecurity as the firewall comes with all our hosting plans and is turned on by default for any domain and subdomain which you add or create via your Hepsia hosting CP. You'll be able to manage ModSecurity through a dedicated area inside Hepsia where not only can you activate or deactivate it fully, but you may also switch on a passive mode, so the firewall shall not stop anything, but it shall still maintain a record of possible attacks. This takes only a click and you'll be able to view the logs no matter if ModSecurity is in active or passive mode through the same section - what the attack was and where it originated from, how it was addressed, etc. The firewall employs 2 groups of rules on our servers - a commercial one which we get from a third-party web security company and a custom one that our admins update manually in order to respond to newly discovered risks as soon as possible.

ModSecurity in VPS Web Hosting

Safety is very important to us, so we set up ModSecurity on all virtual private servers that are set up with the Hepsia CP as a standard. The firewall can be managed through a dedicated section in Hepsia and is turned on automatically when you add a new domain or generate a subdomain, so you will not have to do anything by hand. You shall also be able to deactivate it or turn on the so-called detection mode, so it shall maintain a log of possible attacks you can later analyze, but will not stop them. The logs in both passive and active modes include info regarding the type of the attack and how it was eliminated, what IP it originated from and other valuable information which could help you to tighten the security of your Internet sites by updating them or blocking IPs, for example. On top of the commercial rules that we get for ModSecurity from a third-party security company, we also employ our own rules as once in a while we identify specific attacks which are not yet present inside the commercial group. This way, we can easily enhance the protection of your Virtual private server in a timely manner rather than awaiting an official update.

ModSecurity in Dedicated Servers Hosting

ModSecurity comes with all dedicated servers which are integrated with our Hepsia Control Panel and you will not have to do anything specific on your end to employ it since it is switched on by default every time you add a new domain or subdomain on your server. If it disrupts some of your apps, you will be able to stop it via the respective area of Hepsia, or you can leave it in passive mode, so it will recognize attacks and shall still keep a log for them, but will not stop them. You can examine the logs later to find out what you can do to enhance the protection of your websites since you'll find info such as where an intrusion attempt originated from, what site was attacked and based on what rule ModSecurity responded, etcetera. The rules that we use are commercial, thus they are constantly updated by a security provider, but to be on the safe side, our staff also include custom rules every now and then as to respond to any new threats they have identified.