ModSecurity is a highly effective web app layer firewall for Apache web servers. It monitors the whole HTTP traffic to a site without affecting its performance and if it discovers an intrusion attempt, it prevents it. The firewall additionally keeps a more detailed log for the site visitors than any server does, so you'll be able to keep an eye on what is going on with your sites a lot better than if you rely simply on standard logs. ModSecurity uses security rules based on which it stops attacks. For instance, it identifies if anyone is trying to log in to the admin area of a specific script multiple times or if a request is sent to execute a file with a specific command. In such cases these attempts trigger the corresponding rules and the software hinders the attempts right away, then records in-depth info about them inside its logs. ModSecurity is one of the most effective software firewalls on the market and it can protect your web apps against a large number of threats and vulnerabilities, particularly if you don’t update them or their plugins frequently.

ModSecurity in Cloud Hosting

ModSecurity comes standard with all cloud hosting plans which we supply and it will be switched on automatically for any domain or subdomain that you add/create in your Hepsia hosting Control Panel. The firewall has 3 different modes, so you'll be able to switch on and deactivate it with a click or set it to detection mode, so it'll keep a log of all attacks, but it will not do anything to prevent them. The log for each of your sites shall contain comprehensive info including the nature of the attack, where it originated from, what action was taken by ModSecurity, etcetera. The firewall rules that we use are frequently updated and include both commercial ones which we get from a third-party security business and custom ones which our system admins add in case that they detect a new kind of attacks. That way, the websites that you host here will be a lot more secure without any action expected on your end.

ModSecurity in Semi-dedicated Hosting

Any web program that you install within your new semi-dedicated hosting account will be protected by ModSecurity because the firewall is included with all our hosting plans and is turned on by default for any domain and subdomain that you add or create using your Hepsia hosting CP. You'll be able to manage ModSecurity via a dedicated section in Hepsia where not simply can you activate or deactivate it fully, but you can also enable a passive mode, so the firewall won't block anything, but it'll still maintain a record of possible attacks. This normally requires simply a click and you'll be able to view the logs regardless if ModSecurity is in passive or active mode through the same section - what the attack was and where it came from, how it was dealt with, etcetera. The firewall uses 2 groups of rules on our web servers - a commercial one which we get from a third-party web security firm and a custom one that our admins update manually in order to respond to recently discovered threats immediately.

ModSecurity in VPS Web Hosting

ModSecurity is provided with all Hepsia-based virtual private servers that we offer and it shall be activated automatically for any new domain or subdomain you add on the server. This way, any web app which you install will be secured immediately without doing anything personally on your end. The firewall could be managed from the section of the CP that bears the same name. This is the location whereyou can switch off ModSecurity or enable its passive mode, so it will not take any action toward threats, but will still maintain a detailed log. The recorded info is available inside the same section as well and you'll be able to see what IPs any attacks came from so that you can stop them, what the nature of the attempted attacks was and based upon what security rules ModSecurity reacted. The rules we use on our servers are a combination between commercial ones we obtain from a security firm and custom ones that are added by our administrators to improve the protection of any web apps hosted on our end.

ModSecurity in Dedicated Servers Hosting

ModSecurity is included with all dedicated servers which are integrated with our Hepsia Control Panel and you'll not have to do anything specific on your end to use it as it is switched on by default whenever you add a new domain or subdomain on your web server. In case it interferes with some of your applications, you will be able to stop it via the respective section of Hepsia, or you could leave it working in passive mode, so it will detect attacks and will still keep a log for them, but will not block them. You can analyze the logs later to determine what you can do to improve the protection of your Internet sites as you'll find details such as where an intrusion attempt originated from, what Internet site was attacked and based upon what rule ModSecurity responded, etc. The rules that we employ are commercial, therefore they're constantly updated by a security firm, but to be on the safe side, our admins also add custom rules occasionally as to react to any new threats they have identified.