ModSecurity is an effective firewall for Apache web servers which is used to prevent attacks toward web apps. It keeps track of the HTTP traffic to a specific website in real time and stops any intrusion attempts the moment it discovers them. The firewall uses a set of rules to do this - for example, trying to log in to a script admin area unsuccessfully a few times activates one rule, sending a request to execute a particular file which could result in getting access to the site triggers another rule, etcetera. ModSecurity is amongst the best firewalls around and it will preserve even scripts that aren't updated frequently because it can prevent attackers from employing known exploits and security holes. Very thorough data about each intrusion attempt is recorded and the logs the firewall keeps are considerably more detailed than the conventional logs generated by the Apache server, so you can later take a look at them and determine if you need to take extra measures in order to enhance the safety of your script-driven sites.

ModSecurity in Cloud Website Hosting

ModSecurity comes by default with all cloud website hosting plans which we supply and it shall be activated automatically for any domain or subdomain which you add/create in your Hepsia hosting Control Panel. The firewall has three different modes, so you could activate and deactivate it with a click or set it to detection mode, so it shall maintain a log of all attacks, but it shall not do anything to prevent them. The log for each of your websites will feature in-depth info which includes the nature of the attack, where it originated from, what action was taken by ModSecurity, and so on. The firewall rules that we use are frequently updated and consist of both commercial ones that we get from a third-party security firm and custom ones which our system administrators include in case that they detect a new kind of attacks. This way, the websites which you host here will be way more protected without any action needed on your end.

ModSecurity in Semi-dedicated Hosting

We have incorporated ModSecurity by default within all semi-dedicated hosting products, so your web applications shall be protected whenever you install them under any domain or subdomain. The Hepsia Control Panel which is included with the semi-dedicated accounts shall permit you to switch on or disable the firewall for any Internet site with a click. You'll also be able to switch on a passive detection mode with which ModSecurity will maintain a log of possible attacks without really stopping them. The comprehensive logs contain the nature of the attack and what ModSecurity response this attack initiated, where it came from, etcetera. The list of rules that we use is regularly updated as to match any new threats which might appear on the Internet and it includes both commercial rules that we get from a security company and custom-written ones that our administrators include if they find a threat which is not present in the commercial list yet.

ModSecurity in VPS Web Hosting

ModSecurity is pre-installed on all virtual private servers which are set up with the Hepsia hosting Control Panel, so your web programs shall be protected from the moment your server is in a position. The firewall is turned on by default for any domain or subdomain on the VPS, but if necessary, you can disable it with a mouse click from the corresponding section of Hepsia. You may also set it to function in detection mode, so it'll maintain a comprehensive log of any potential attacks without taking any action to prevent them. The logs are available within the exact same section and include info about the nature of the attack, what IP address it came from and what ModSecurity rule was initiated to stop it. For maximum security, we employ not simply commercial rules from a firm working in the field of web security, but also custom ones our administrators add personally in order to respond to new risks that are still not tackled in the commercial rules.

ModSecurity in Dedicated Servers Hosting

ModSecurity comes with all dedicated servers which are set up with our Hepsia CP and you will not need to do anything specific on your end to use it as it is enabled by default whenever you include a new domain or subdomain on your server. If it interferes with any of your applications, you'll be able to stop it through the respective part of Hepsia, or you may leave it working in passive mode, so it shall detect attacks and shall still keep a log for them, but won't prevent them. You may look at the logs later to find out what you can do to improve the protection of your websites as you'll find info such as where an intrusion attempt came from, what site was attacked and based upon what rule ModSecurity reacted, etcetera. The rules that we employ are commercial, thus they're frequently updated by a security company, but to be on the safe side, our admins also include custom rules from time to time in order to deal with any new threats they have identified.