ModSecurity is a highly effective firewall for Apache web servers which is employed to stop attacks toward web apps. It tracks the HTTP traffic to a particular site in real time and blocks any intrusion attempts the instant it identifies them. The firewall relies on a set of rules to accomplish that - for instance, attempting to log in to a script admin area unsuccessfully a few times triggers one rule, sending a request to execute a specific file that could result in gaining access to the Internet site triggers a different rule, etcetera. ModSecurity is one of the best firewalls around and it'll preserve even scripts which aren't updated often because it can prevent attackers from using known exploits and security holes. Quite detailed info about every single intrusion attempt is recorded and the logs the firewall keeps are a lot more specific than the conventional logs provided by the Apache server, so you may later take a look at them and decide whether you need to take additional measures so as to enhance the protection of your script-driven websites.

ModSecurity in Shared Website Hosting

We offer ModSecurity with all shared website hosting solutions, so your web applications shall be protected against destructive attacks. The firewall is activated by default for all domains and subdomains, but in case you'd like, you will be able to stop it using the respective part of your Hepsia Control Panel. You could also activate a detection mode, so ModSecurity shall keep a log as intended, but will not take any action. The logs that you will find within Hepsia are incredibly detailed and include info about the nature of any attack, when it occurred and from what IP, the firewall rule that was triggered, and so on. We employ a set of commercial rules which are often updated, but sometimes our admins include custom rules as well in order to efficiently protect the websites hosted on our servers.

ModSecurity in Semi-dedicated Hosting

Any web app which you set up in your new semi-dedicated hosting account shall be protected by ModSecurity since the firewall is provided with all our hosting packages and is switched on by default for any domain and subdomain that you add or create through your Hepsia hosting CP. You shall be able to manage ModSecurity through a dedicated section within Hepsia where not only can you activate or deactivate it completely, but you could also switch on a passive mode, so the firewall won't block anything, but it will still maintain a record of possible attacks. This takes only a click and you'll be able to look at the logs regardless of if ModSecurity is in passive or active mode through the same section - what the attack was and where it originated from, how it was dealt with, etcetera. The firewall uses two sets of rules on our web servers - a commercial one that we get from a third-party web security provider and a custom one that our administrators update manually as to respond to newly discovered risks as quickly as possible.

ModSecurity in VPS Hosting

Safety is of the utmost importance to us, so we install ModSecurity on all virtual private servers which are made available with the Hepsia CP as a standard. The firewall could be managed via a dedicated section within Hepsia and is switched on automatically when you add a new domain or generate a subdomain, so you will not have to do anything by hand. You'll also be able to disable it or turn on the so-called detection mode, so it'll keep a log of possible attacks that you can later examine, but shall not block them. The logs in both passive and active modes include details about the form of the attack and how it was prevented, what IP address it originated from and other useful information which might help you to tighten the security of your websites by updating them or blocking IPs, as an example. Beyond the commercial rules we get for ModSecurity from a third-party security enterprise, we also use our own rules as from time to time we detect specific attacks which are not yet present in the commercial package. That way, we can easily improve the security of your Virtual private server immediately rather than awaiting a certified update.

ModSecurity in Dedicated Web Hosting

All our dedicated servers that are installed with the Hepsia hosting Control Panel feature ModSecurity, so any program which you upload or install shall be properly secured from the very beginning and you won't have to worry about common attacks or vulnerabilities. An independent section in Hepsia will permit you to start or stop the firewall for every domain or subdomain, or turn on a detection mode so that it records details about intrusions, but doesn't take actions to stop them. What you shall see in the logs can easily allow you to to secure your websites better - the IP address an attack came from, what website was attacked and in what way, what ModSecurity rule was triggered, etc. With this data, you could see if an Internet site needs an update, whether you ought to block IPs from accessing your hosting server, etcetera. Besides the third-party commercial security rules for ModSecurity that we use, our administrators include custom ones as well whenever they discover a new threat that is not yet included in the commercial bundle.