ModSecurity is a potent web application layer firewall for Apache web servers. It monitors the whole HTTP traffic to a site without affecting its functionality and in case it discovers an intrusion attempt, it blocks it. The firewall also keeps a more comprehensive log for the traffic than any server does, so you will manage to monitor what is going on with your Internet sites much better than if you rely merely on conventional logs. ModSecurity works with security rules based on which it helps prevent attacks. For instance, it identifies whether somebody is trying to log in to the administrator area of a given script several times or if a request is sent to execute a file with a specific command. In such cases these attempts trigger the corresponding rules and the software hinders the attempts immediately, then records in-depth info about them within its logs. ModSecurity is one of the most effective software firewalls out there and it can easily protect your web applications against a huge number of threats and vulnerabilities, particularly if you don’t update them or their plugins often.

ModSecurity in Website Hosting

ModSecurity comes by default with all website hosting plans which we offer and it will be switched on automatically for any domain or subdomain you add/create within your Hepsia hosting Control Panel. The firewall has three different modes, so you'll be able to activate and disable it with a mouse click or set it to detection mode, so it shall maintain a log of all attacks, but it'll not do anything to prevent them. The log for each of your Internet sites will include elaborate info including the nature of the attack, where it came from, what action was taken by ModSecurity, and so on. The firewall rules that we use are frequently updated and include both commercial ones that we get from a third-party security company and custom ones which our system administrators add in case that they detect a new type of attacks. That way, the Internet sites you host here shall be way more secure with no action needed on your end.

ModSecurity in Semi-dedicated Hosting

We've integrated ModSecurity by default in all semi-dedicated hosting packages, so your web apps will be protected whenever you install them under any domain or subdomain. The Hepsia Control Panel which is included with the semi-dedicated accounts shall permit you to activate or turn off the firewall for any website with a mouse click. You will also be able to activate a passive detection mode through which ModSecurity shall keep a log of potential attacks without actually preventing them. The thorough logs include things like the nature of the attack and what ModSecurity response this attack triggered, where it originated from, and so on. The list of rules we use is frequently updated as to match any new risks that may appear on the Internet and it includes both commercial rules that we get from a security business and custom-written ones that our administrators add in the event that they discover a threat that is not present in the commercial list yet.

ModSecurity in VPS Hosting

Protection is very important to us, so we set up ModSecurity on all virtual private servers that are provided with the Hepsia CP as a standard. The firewall can be managed via a dedicated section in Hepsia and is activated automatically when you add a new domain or generate a subdomain, so you won't have to do anything by hand. You'll also be able to deactivate it or activate the so-called detection mode, so it shall keep a log of potential attacks you can later examine, but won't prevent them. The logs in both passive and active modes include information regarding the type of the attack and how it was eliminated, what IP address it originated from and other useful info which may help you to tighten the security of your sites by updating them or blocking IPs, for example. Beyond the commercial rules that we get for ModSecurity from a third-party security company, we also use our own rules since from time to time we discover specific attacks that aren't yet present in the commercial pack. This way, we can improve the security of your VPS promptly instead of awaiting an official update.

ModSecurity in Dedicated Web Hosting

ModSecurity is provided with all dedicated servers which are set up with our Hepsia Control Panel and you will not have to do anything specific on your end to use it since it is turned on by default every time you add a new domain or subdomain on your hosting server. If it disrupts some of your programs, you will be able to stop it through the respective section of Hepsia, or you may leave it operating in passive mode, so it'll detect attacks and shall still maintain a log for them, but won't prevent them. You may analyze the logs later to learn what you can do to boost the security of your websites as you shall find details such as where an intrusion attempt came from, what Internet site was attacked and based on what rule ModSecurity reacted, and so on. The rules we use are commercial, hence they are frequently updated by a security firm, but to be on the safe side, our admins also add custom rules every now and then in order to respond to any new threats they have identified.