ModSecurity is an efficient firewall for Apache web servers that's used to prevent attacks against web applications. It keeps track of the HTTP traffic to a given site in real time and stops any intrusion attempts the moment it discovers them. The firewall uses a set of rules to do that - for example, trying to log in to a script admin area unsuccessfully a few times sets off one rule, sending a request to execute a specific file that could result in accessing the site triggers a different rule, etc. ModSecurity is among the best firewalls out there and it'll secure even scripts which aren't updated on a regular basis since it can prevent attackers from employing known exploits and security holes. Incredibly thorough information about every single intrusion attempt is recorded and the logs the firewall keeps are considerably more comprehensive than the conventional logs created by the Apache server, so you may later examine them and decide whether you need to take additional measures in order to enhance the protection of your script-driven Internet sites.

ModSecurity in Shared Hosting

ModSecurity is available on all shared hosting servers, so when you decide to host your websites with our company, they will be shielded from an array of attacks. The firewall is enabled as standard for all domains and subdomains, so there'll be nothing you'll need to do on your end. You will be able to stop ModSecurity for any website if necessary, or to activate a detection mode, so all activity shall be recorded, but the firewall shall not take any real action. You'll be able to view detailed logs via your Hepsia Control Panel including the IP where the attack came from, what the attacker planned to do and how ModSecurity dealt with the threat. As we take the security of our customers' Internet sites seriously, we use a selection of commercial rules which we take from one of the top companies which maintain this kind of rules. Our administrators also include custom rules to make sure that your sites will be shielded from as many risks as possible.

ModSecurity in Semi-dedicated Servers

ModSecurity is part of our semi-dedicated server plans and if you choose to host your Internet sites with us, there shall not be anything special you'll need to do given that the firewall is switched on by default for all domains and subdomains you include using your hosting CP. If needed, you could disable ModSecurity for a given website or switch on the so-called detection mode in which case the firewall will still function and record info, but won't do anything to prevent potential attacks on your websites. Detailed logs shall be accessible inside your CP and you will be able to see what type of attacks occurred, what security rules were triggered and how the firewall dealt with the threats, what Internet protocol addresses the attacks originated from, etc. We use two sorts of rules on our servers - commercial ones from a firm that operates in the field of web security, and custom made ones that our administrators often include to respond to newly found threats on time.

ModSecurity in VPS Servers

Protection is of the utmost importance to us, so we install ModSecurity on all VPS servers which are made available with the Hepsia CP as a standard. The firewall could be managed through a dedicated section in Hepsia and is activated automatically when you include a new domain or create a subdomain, so you'll not have to do anything personally. You'll also be able to deactivate it or turn on the so-called detection mode, so it shall keep a log of possible attacks which you can later analyze, but shall not prevent them. The logs in both passive and active modes contain details regarding the type of the attack and how it was prevented, what IP address it originated from and other important data that could help you to tighten the security of your Internet sites by updating them or blocking IPs, for instance. Besides the commercial rules which we get for ModSecurity from a third-party security enterprise, we also implement our own rules because once in a while we detect specific attacks that aren't yet present within the commercial pack. That way, we could improve the protection of your VPS promptly rather than awaiting a certified update.

ModSecurity in Dedicated Servers

When you opt to host your sites on a dedicated server with the Hepsia Control Panel, your web programs will be secured immediately since ModSecurity is supplied with all Hepsia-based plans. You will be able to regulate the firewall effortlessly and if necessary, you will be able to turn it off or enable its passive mode when it shall only maintain a log of what is going on without taking any action to stop possible attacks. The logs that you'll find inside the very same section of the CP are incredibly detailed and contain data about the attacker IP address, what website and file were attacked and in what ways, what rule the firewall employed to stop the intrusion, and so on. This information shall enable you to take measures and improve the protection of your Internet sites even more. To be on the safe side, we use not only commercial rules, but also custom-made ones which our administrators include whenever they detect attacks that have not yet been included within the commercial pack.