ModSecurity is a highly effective web application layer firewall for Apache web servers. It monitors the whole HTTP traffic to an Internet site without affecting its performance and in case it discovers an intrusion attempt, it prevents it. The firewall furthermore keeps a more comprehensive log for the site visitors than any server does, so you will manage to keep track of what's happening with your websites better than if you rely merely on conventional logs. ModSecurity uses security rules based on which it stops attacks. For instance, it recognizes if someone is trying to log in to the administration area of a particular script a number of times or if a request is sent to execute a file with a certain command. In such circumstances these attempts set off the corresponding rules and the firewall hinders the attempts instantly, after that records in-depth info about them within its logs. ModSecurity is one of the most effective software firewalls available and it can easily protect your web apps against thousands of threats and vulnerabilities, especially in case you don’t update them or their plugins frequently.

ModSecurity in Website Hosting

ModSecurity is provided with all website hosting machines, so if you decide to host your websites with our business, they shall be protected against a wide array of attacks. The firewall is turned on as standard for all domains and subdomains, so there'll be nothing you shall need to do on your end. You will be able to stop ModSecurity for any site if needed, or to switch on a detection mode, so all activity shall be recorded, but the firewall shall not take any real action. You shall be able to view comprehensive logs through your Hepsia Control Panel including the IP address where the attack came from, what the attacker wished to do and how ModSecurity handled the threat. Since we take the protection of our customers' Internet sites very seriously, we use a set of commercial rules that we get from one of the leading companies which maintain this sort of rules. Our admins also include custom rules to make certain that your websites will be shielded from as many threats as possible.

ModSecurity in Semi-dedicated Servers

ModSecurity is part of our semi-dedicated server plans and if you decide to host your sites with us, there shall not be anything special you will have to do since the firewall is activated by default for all domains and subdomains which you add through your hosting CP. If necessary, you can disable ModSecurity for a particular site or activate the so-called detection mode in which case the firewall will still function and record data, but shall not do anything to stop potential attacks on your Internet sites. Comprehensive logs shall be accessible inside your CP and you'll be able to see what sort of attacks occurred, what security rules were triggered and how the firewall addressed the threats, what IP addresses the attacks came from, and so on. We use two types of rules on our servers - commercial ones from a business that operates in the field of web security, and custom made ones which our administrators occasionally add to respond to newly found risks in a timely manner.

ModSecurity in VPS Servers

ModSecurity is pre-installed on all VPS servers that are set up with the Hepsia hosting CP, so your web applications will be protected from the second your server is ready. The firewall is turned on by default for any domain or subdomain on the VPS, but if necessary, you'll be able to deactivate it with a click of your mouse via the corresponding section of Hepsia. You could also set it to function in detection mode, so it will maintain a comprehensive log of any possible attacks without taking any action to prevent them. The logs can be found inside the exact same section and offer information regarding the nature of the attack, what IP address it originated from and what ModSecurity rule was activated to stop it. For optimum security, we employ not only commercial rules from a business working in the field of web security, but also custom ones that our administrators include personally in order to react to new risks which are still not tackled in the commercial rules.

ModSecurity in Dedicated Servers

All of our dedicated servers which are installed with the Hepsia hosting CP feature ModSecurity, so any application you upload or set up will be properly secured from the very beginning and you'll not have to stress about common attacks or vulnerabilities. An individual section within Hepsia will allow you to start or stop the firewall for each domain or subdomain, or switch on a detection mode so that it records info about intrusions, but does not take actions to stop them. What you'll see in the logs can enable you to to secure your websites better - the IP address an attack originated from, what site was attacked as well as how, what ModSecurity rule was triggered, etc. With this data, you'll be able to see whether an Internet site needs an update, whether you should block IPs from accessing your hosting server, etc. On top of the third-party commercial security rules for ModSecurity we use, our administrators include custom ones too whenever they come across a new threat which is not yet in the commercial bundle.