ModSecurity is a powerful web application layer firewall for Apache web servers. It monitors the entire HTTP traffic to a website without affecting its operation and in case it discovers an intrusion attempt, it blocks it. The firewall also keeps a more detailed log for the website visitors than any server does, so you will manage to keep track of what's happening with your Internet sites much better than if you rely merely on standard logs. ModSecurity uses security rules based on which it prevents attacks. For example, it identifies whether somebody is trying to log in to the admin area of a certain script several times or if a request is sent to execute a file with a specific command. In these situations these attempts set off the corresponding rules and the firewall hinders the attempts instantly, and then records in-depth information about them inside its logs. ModSecurity is amongst the very best software firewalls on the market and it can easily protect your web applications against thousands of threats and vulnerabilities, particularly if you don’t update them or their plugins frequently.

ModSecurity in Shared Hosting

ModSecurity comes by default with all shared hosting plans which we offer and it'll be turned on automatically for any domain or subdomain that you add/create within your Hepsia hosting CP. The firewall has three different modes, so you can activate and disable it with a click or set it to detection mode, so it shall keep a log of all attacks, but it'll not do anything to prevent them. The log for each of your websites will contain comprehensive information such as the nature of the attack, where it came from, what action was taken by ModSecurity, etc. The firewall rules which we use are frequently updated and include both commercial ones which we get from a third-party security firm and custom ones which our system admins add in case that they detect a new kind of attacks. In this way, the Internet sites which you host here shall be way more protected without any action expected on your end.

ModSecurity in Semi-dedicated Servers

All semi-dedicated server plans which we offer feature ModSecurity and because the firewall is turned on by default, any website which you create under a domain or a subdomain will be secured right from the start. An individual section in the Hepsia Control Panel that comes with the semi-dedicated accounts is devoted to ModSecurity and it shall permit you to start and stop the firewall for any Internet site or switch on a detection mode. With the latter, ModSecurity will not take any action, but it will still detect possible attacks and will keep all information inside a log as if it were completely active. The logs could be found inside the very same section of the CP and they feature info about the IP where an attack originated from, what its nature was, what rule ModSecurity applies to detect and stop it, etc. The security rules which we use on our web servers are a mix between commercial ones from a security business and custom ones made by our system admins. For that reason, we offer greater security for your web programs as we can protect them from attacks before security firms release updates for brand new threats.

ModSecurity in VPS Servers

Safety is essential to us, so we set up ModSecurity on all VPS servers that are provided with the Hepsia CP by default. The firewall can be managed via a dedicated section within Hepsia and is activated automatically when you add a new domain or create a subdomain, so you'll not have to do anything by hand. You will also be able to deactivate it or turn on the so-called detection mode, so it'll keep a log of potential attacks you can later examine, but will not block them. The logs in both passive and active modes offer information about the kind of the attack and how it was prevented, what IP it originated from and other valuable information that might help you to tighten the security of your Internet sites by updating them or blocking IPs, as an example. Beyond the commercial rules which we get for ModSecurity from a third-party security firm, we also implement our own rules since every now and then we detect specific attacks that are not yet present inside the commercial pack. That way, we can enhance the security of your VPS instantly as opposed to waiting for a certified update.

ModSecurity in Dedicated Servers

All of our dedicated servers that are installed with the Hepsia hosting Control Panel come with ModSecurity, so any program you upload or set up will be protected from the very beginning and you will not have to worry about common attacks or vulnerabilities. A separate section inside Hepsia will permit you to start or stop the firewall for every domain or subdomain, or turn on a detection mode so that it records information about intrusions, but doesn't take actions to stop them. What you'll see in the logs can easily enable you to to secure your sites better - the IP an attack originated from, what website was attacked and in what way, what ModSecurity rule was triggered, etc. With this info, you'll be able to see if a site needs an update, whether you should block IPs from accessing your web server, and so forth. In addition to the third-party commercial security rules for ModSecurity that we use, our admins add custom ones too if they discover a new threat which is not yet a part of the commercial bundle.