ModSecurity is a highly effective web application layer firewall for Apache web servers. It monitors the whole HTTP traffic to a website without affecting its overall performance and in case it detects an intrusion attempt, it blocks it. The firewall also keeps a more detailed log for the site visitors than any web server does, so you shall be able to monitor what is happening with your websites a lot better than if you rely simply on conventional logs. ModSecurity works with security rules based on which it helps prevent attacks. For example, it detects if anyone is trying to log in to the administration area of a given script multiple times or if a request is sent to execute a file with a particular command. In such situations these attempts set off the corresponding rules and the firewall hinders the attempts instantly, and then records in-depth info about them inside its logs. ModSecurity is amongst the very best software firewalls on the market and it could easily protect your web applications against a huge number of threats and vulnerabilities, particularly if you don’t update them or their plugins frequently.

ModSecurity in Website Hosting

ModSecurity is available with every single website hosting package that we provide and it's turned on by default for every domain or subdomain which you include through your Hepsia Control Panel. If it interferes with any of your programs or you would like to disable it for any reason, you'll be able to do this through the ModSecurity area of Hepsia with only a mouse click. You may also activate a passive mode, so the firewall will recognize possible attacks and maintain a log, but shall not take any action. You'll be able to see detailed logs in the exact same section, including the IP where the attack came from, what exactly the attacker tried to do and at what time, what ModSecurity did, etcetera. For maximum protection of our customers we use a group of commercial firewall rules blended with custom ones that are added by our system admins.

ModSecurity in Semi-dedicated Hosting

Any web application which you set up inside your new semi-dedicated hosting account will be protected by ModSecurity as the firewall comes with all our hosting plans and is activated by default for any domain and subdomain you add or create via your Hepsia hosting CP. You shall be able to manage ModSecurity via a dedicated area within Hepsia where not simply can you activate or deactivate it fully, but you could also activate a passive mode, so the firewall will not block anything, but it shall still maintain an archive of potential attacks. This normally requires simply a mouse click and you shall be able to see the logs regardless of if ModSecurity is in active or passive mode through the same section - what the attack was and where it came from, how it was dealt with, etc. The firewall employs 2 sets of rules on our servers - a commercial one that we get from a third-party web security company and a custom one which our administrators update manually as to respond to newly discovered threats as quickly as possible.

ModSecurity in VPS Hosting

Security is extremely important to us, so we set up ModSecurity on all virtual private servers that are provided with the Hepsia Control Panel by default. The firewall can be managed through a dedicated section inside Hepsia and is activated automatically when you include a new domain or generate a subdomain, so you'll not need to do anything by hand. You will also be able to disable it or turn on the so-called detection mode, so it'll keep a log of possible attacks which you can later analyze, but won't prevent them. The logs in both passive and active modes offer info about the type of the attack and how it was prevented, what IP address it originated from and other valuable information that could help you to tighten the security of your Internet sites by updating them or blocking IPs, for example. Besides the commercial rules which we get for ModSecurity from a third-party security firm, we also employ our own rules as once in a while we find specific attacks that are not yet present in the commercial group. This way, we can easily increase the security of your Virtual private server immediately instead of waiting for an official update.

ModSecurity in Dedicated Web Hosting

All our dedicated servers which are set up with the Hepsia hosting Control Panel feature ModSecurity, so any program you upload or set up shall be properly secured from the very beginning and you'll not have to worry about common attacks or vulnerabilities. A separate section in Hepsia will enable you to start or stop the firewall for each domain or subdomain, or activate a detection mode so that it records information about intrusions, but does not take actions to prevent them. What you'll see in the logs shall help you to secure your websites better - the IP an attack came from, what website was attacked and how, what ModSecurity rule was triggered, and so on. With this data, you can see if a site needs an update, whether you ought to block IPs from accessing your web server, etc. On top of the third-party commercial security rules for ModSecurity that we use, our admins add custom ones as well when they come across a new threat that is not yet included in the commercial bundle.