ModSecurity is a powerful web application layer firewall for Apache web servers. It monitors the entire HTTP traffic to a website without affecting its functionality and if it discovers an intrusion attempt, it prevents it. The firewall additionally keeps a more detailed log for the site visitors than any server does, so you shall manage to monitor what's happening with your Internet sites better than if you rely only on conventional logs. ModSecurity uses security rules based on which it stops attacks. For example, it detects if anyone is trying to log in to the administration area of a given script a number of times or if a request is sent to execute a file with a particular command. In these circumstances these attempts set off the corresponding rules and the software blocks the attempts in real time, and then records detailed details about them in its logs. ModSecurity is one of the very best software firewalls available and it can protect your web apps against many threats and vulnerabilities, especially if you don’t update them or their plugins often.

ModSecurity in Web Hosting

We provide ModSecurity with all web hosting solutions, so your web apps shall be shielded from harmful attacks. The firewall is activated by default for all domains and subdomains, but in case you'd like, you will be able to stop it using the respective area of your Hepsia Control Panel. You can also switch on a detection mode, so ModSecurity will keep a log as intended, but won't take any action. The logs which you shall find inside Hepsia are extremely detailed and offer data about the nature of any attack, when it took place and from what IP, the firewall rule that was triggered, and so forth. We use a set of commercial rules that are frequently updated, but sometimes our admins add custom rules as well so as to efficiently protect the Internet sites hosted on our machines.

ModSecurity in Semi-dedicated Servers

All semi-dedicated server packages that we offer feature ModSecurity and given that the firewall is enabled by default, any Internet site which you build under a domain or a subdomain will be secured straight away. An independent section within the Hepsia Control Panel that comes with the semi-dedicated accounts is devoted to ModSecurity and it'll allow you to start and stop the firewall for any website or switch on a detection mode. With the latter, ModSecurity will not take any action, but it'll still identify possible attacks and shall keep all data inside a log as if it were 100% active. The logs could be found inside the exact same section of the CP and they feature info about the IP where an attack originated from, what its nature was, what rule ModSecurity applies to identify and stop it, etcetera. The security rules that we employ on our web servers are a mix of commercial ones from a security company and custom ones created by our system administrators. Consequently, we provide greater security for your web applications as we can shield them from attacks even before security firms release updates for new threats.

ModSecurity in VPS Servers

ModSecurity is provided with all Hepsia-based VPS servers that we offer and it'll be activated automatically for every new domain or subdomain you add on the machine. In this way, any web application which you install shall be secured immediately without doing anything manually on your end. The firewall may be handled via the section of the CP which bears the same name. This is the place whereyou'll be able to disable ModSecurity or let its passive mode, so it shall not take any action towards threats, but will still keep a comprehensive log. The recorded info is available in the same area as well and you'll be able to see what IPs any attacks came from so that you can block them, what the nature of the attempted attacks was and based upon what security rules ModSecurity responded. The rules that we employ on our servers are a mix between commercial ones we get from a security organization and custom ones which are added by our staff to improve the protection of any web applications hosted on our end.

ModSecurity in Dedicated Servers

ModSecurity comes with all dedicated servers that are set up with our Hepsia Control Panel and you won't need to do anything specific on your end to use it as it's turned on by default whenever you add a new domain or subdomain on your server. In the event that it disrupts some of your applications, you will be able to stop it through the respective section of Hepsia, or you can leave it operating in passive mode, so it will identify attacks and will still maintain a log for them, but will not prevent them. You may look at the logs later to learn what you can do to increase the safety of your Internet sites since you shall find info such as where an intrusion attempt originated from, what website was attacked and based on what rule ModSecurity responded, and so forth. The rules that we employ are commercial, thus they're constantly updated by a security firm, but to be on the safe side, our admins also add custom rules from time to time in order to respond to any new threats they have discovered.