ModSecurity is an effective firewall for Apache web servers that is used to prevent attacks toward web applications. It monitors the HTTP traffic to a specific site in real time and blocks any intrusion attempts the moment it detects them. The firewall uses a set of rules to do this - as an illustration, attempting to log in to a script admin area unsuccessfully a few times triggers one rule, sending a request to execute a specific file that may result in gaining access to the site triggers another rule, etc. ModSecurity is amongst the best firewalls on the market and it'll protect even scripts which aren't updated on a regular basis as it can prevent attackers from employing known exploits and security holes. Very detailed information about every single intrusion attempt is recorded and the logs the firewall maintains are considerably more specific than the standard logs created by the Apache server, so you may later examine them and determine if you need to take extra measures so as to increase the protection of your script-driven Internet sites.

ModSecurity in Shared Hosting

ModSecurity is provided with all shared hosting machines, so if you decide to host your websites with our company, they'll be resistant to an array of attacks. The firewall is turned on as standard for all domains and subdomains, so there shall be nothing you will need to do on your end. You'll be able to stop ModSecurity for any Internet site if necessary, or to enable a detection mode, so that all activity shall be recorded, but the firewall will not take any real action. You will be able to view detailed logs through your Hepsia CP including the IP address where the attack originated from, what the attacker wanted to do and how ModSecurity addressed the threat. As we take the safety of our customers' Internet sites seriously, we employ a set of commercial rules which we get from one of the best firms that maintain this kind of rules. Our administrators also include custom rules to make sure that your sites shall be shielded from as many risks as possible.

ModSecurity in Semi-dedicated Servers

Any web program that you set up in your new semi-dedicated server account shall be protected by ModSecurity as the firewall comes with all our hosting plans and is switched on by default for any domain and subdomain you include or create via your Hepsia hosting CP. You'll be able to manage ModSecurity through a dedicated section within Hepsia where not simply can you activate or deactivate it fully, but you may also switch on a passive mode, so the firewall will not block anything, but it will still maintain an archive of potential attacks. This requires just a mouse click and you'll be able to view the logs regardless of if ModSecurity is in active or passive mode through the same section - what the attack was and where it came from, how it was taken care of, etc. The firewall employs two groups of rules on our machines - a commercial one that we get from a third-party web security company and a custom one which our admins update manually as to respond to newly discovered threats at the earliest opportunity.

ModSecurity in VPS Servers

Protection is very important to us, so we install ModSecurity on all VPS servers which are made available with the Hepsia CP as a standard. The firewall can be managed via a dedicated section within Hepsia and is turned on automatically when you add a new domain or create a subdomain, so you'll not have to do anything personally. You shall also be able to deactivate it or turn on the so-called detection mode, so it shall maintain a log of potential attacks which you can later examine, but will not block them. The logs in both passive and active modes include details regarding the type of the attack and how it was prevented, what IP it came from and other valuable info that may help you to tighten the security of your sites by updating them or blocking IPs, for instance. In addition to the commercial rules we get for ModSecurity from a third-party security firm, we also employ our own rules as from time to time we discover specific attacks which are not yet present within the commercial group. This way, we can easily enhance the protection of your VPS in a timely manner rather than waiting for a certified update.

ModSecurity in Dedicated Servers

ModSecurity is included with all dedicated servers that are integrated with our Hepsia CP and you won't need to do anything specific on your end to employ it because it's enabled by default whenever you add a new domain or subdomain on your server. If it interferes with any of your apps, you will be able to stop it via the respective part of Hepsia, or you could leave it working in passive mode, so it'll identify attacks and shall still keep a log for them, but will not stop them. You'll be able to look at the logs later to determine what you can do to improve the security of your sites as you will find info such as where an intrusion attempt came from, what website was attacked and in accordance with what rule ModSecurity reacted, etc. The rules that we use are commercial, therefore they are constantly updated by a security provider, but to be on the safe side, our admins also include custom rules every now and then as to respond to any new threats they have identified.