ModSecurity is a powerful web application layer firewall for Apache web servers. It monitors the whole HTTP traffic to an Internet site without affecting its functionality and in case it detects an intrusion attempt, it prevents it. The firewall also keeps a more thorough log for the website visitors than any server does, so you'll manage to keep track of what's happening with your sites much better than if you rely merely on standard logs. ModSecurity uses security rules based on which it prevents attacks. For instance, it identifies if someone is trying to log in to the administration area of a given script multiple times or if a request is sent to execute a file with a particular command. In these instances these attempts set off the corresponding rules and the firewall blocks the attempts instantly, after that records in-depth info about them within its logs. ModSecurity is among the most effective software firewalls out there and it can easily protect your web applications against thousands of threats and vulnerabilities, particularly if you don’t update them or their plugins often.

ModSecurity in Web Hosting

We provide ModSecurity with all web hosting solutions, so your Internet applications will be protected against destructive attacks. The firewall is activated by default for all domains and subdomains, but in case you would like, you shall be able to stop it through the respective section of your Hepsia CP. You can also activate a detection mode, so ModSecurity will keep a log as intended, but shall not take any action. The logs which you will find inside Hepsia are very detailed and feature data about the nature of any attack, when it transpired and from what IP, the firewall rule which was triggered, and so on. We use a set of commercial rules that are regularly updated, but sometimes our administrators include custom rules as well so as to efficiently protect the sites hosted on our machines.

ModSecurity in Semi-dedicated Hosting

Any web application you set up in your new semi-dedicated hosting account will be protected by ModSecurity because the firewall comes with all our hosting solutions and is turned on by default for any domain and subdomain that you include or create via your Hepsia hosting Control Panel. You'll be able to manage ModSecurity via a dedicated area in Hepsia where not only could you activate or deactivate it completely, but you could also switch on a passive mode, so the firewall shall not stop anything, but it shall still maintain a record of potential attacks. This requires only a click and you will be able to view the logs no matter if ModSecurity is in passive or active mode through the same section - what the attack was and where it came from, how it was dealt with, and so on. The firewall employs two sets of rules on our web servers - a commercial one that we get from a third-party web security firm and a custom one that our administrators update manually as to respond to recently discovered threats at the earliest opportunity.

ModSecurity in VPS Web Hosting

All virtual private servers which are set up with the Hepsia CP feature ModSecurity. The firewall is set up and switched on by default for all domains which are hosted on the web server, so there won't be anything special which you'll need to do to protect your sites. It'll take you simply a click to stop ModSecurity if needed or to activate its passive mode so that it records what occurs without taking any measures to prevent intrusions. You will be able to view the logs generated in passive or active mode via the corresponding section of Hepsia and discover more about the form of the attack, where it originated from, what rule the firewall used to take care of it, etcetera. We use a mix of commercial and custom rules in order to ensure that ModSecurity shall block out as many threats as possible, consequently enhancing the protection of your web applications as much as possible.

ModSecurity in Dedicated Servers Hosting

ModSecurity comes with all dedicated servers which are integrated with our Hepsia CP and you will not need to do anything specific on your end to employ it because it's turned on by default whenever you include a new domain or subdomain on your hosting server. In the event that it disrupts any of your apps, you will be able to stop it via the respective part of Hepsia, or you can leave it operating in passive mode, so it'll detect attacks and shall still maintain a log for them, but shall not block them. You could analyze the logs later to learn what you can do to boost the security of your websites as you will find details such as where an intrusion attempt came from, what website was attacked and based on what rule ModSecurity responded, etcetera. The rules which we use are commercial, therefore they're constantly updated by a security provider, but to be on the safe side, our administrators also add custom rules from time to time in order to react to any new threats they have discovered.