ModSecurity is a highly effective web app layer firewall for Apache web servers. It monitors the whole HTTP traffic to a site without affecting its performance and when it identifies an intrusion attempt, it prevents it. The firewall additionally maintains a more detailed log for the site visitors than any server does, so you'll be able to keep an eye on what is going on with your Internet sites a lot better than if you rely simply on standard logs. ModSecurity employs security rules based on which it prevents attacks. For instance, it detects if anyone is attempting to log in to the administration area of a certain script a number of times or if a request is sent to execute a file with a particular command. In these cases these attempts set off the corresponding rules and the software hinders the attempts immediately, and then records comprehensive info about them inside its logs. ModSecurity is amongst the most effective software firewalls out there and it can easily protect your web apps against a huge number of threats and vulnerabilities, especially if you don’t update them or their plugins regularly.

ModSecurity in Cloud Website Hosting

ModSecurity is provided with all cloud website hosting machines, so when you opt to host your websites with our organization, they will be protected against an array of attacks. The firewall is turned on as standard for all domains and subdomains, so there will be nothing you'll need to do on your end. You shall be able to stop ModSecurity for any site if needed, or to enable a detection mode, so all activity will be recorded, but the firewall shall not take any real action. You shall be able to view specific logs through your Hepsia CP including the IP where the attack originated from, what the attacker wished to do and how ModSecurity addressed the threat. As we take the protection of our clients' Internet sites very seriously, we employ a group of commercial rules that we get from one of the best companies which maintain this type of rules. Our administrators also include custom rules to make certain that your Internet sites will be resistant to as many threats as possible.

ModSecurity in Semi-dedicated Hosting

ModSecurity is a part of our semi-dedicated hosting plans and if you choose to host your sites with our company, there shall not be anything special you'll need to do given that the firewall is turned on by default for all domains and subdomains you include using your hosting Control Panel. If required, you can disable ModSecurity for a certain site or switch on the so-called detection mode in which case the firewall will still function and record information, but will not do anything to stop potential attacks against your websites. Comprehensive logs shall be available within your CP and you will be able to see what type of attacks took place, what security rules were triggered and how the firewall handled the threats, what Internet protocol addresses the attacks originated from, and so on. We employ two sorts of rules on our servers - commercial ones from a firm that operates in the field of web security, and custom made ones which our administrators sometimes include to respond to newly found threats on time.

ModSecurity in VPS

ModSecurity is pre-installed on all virtual private servers which are offered with the Hepsia hosting Control Panel, so your web apps will be secured from the second your server is in a position. The firewall is activated by default for any domain or subdomain on the Virtual Private Server, but if necessary, you'll be able to deactivate it with a click from the corresponding section of Hepsia. You can also set it to operate in detection mode, so it shall keep a comprehensive log of any possible attacks without taking any action to prevent them. The logs can be found in the very same section and include information regarding the nature of the attack, what IP it came from and what ModSecurity rule was triggered to stop it. For maximum security, we use not only commercial rules from a business working in the field of web security, but also custom ones our administrators add manually in order to respond to new threats that are still not tackled in the commercial rules.

ModSecurity in Dedicated Hosting

ModSecurity is offered as standard with all dedicated servers that are set up with the Hepsia CP and is set to “Active” automatically for any domain that you host or subdomain you create on the server. Just in case that a web application doesn't work correctly, you could either switch off the firewall or set it to operate in passive mode. The second means that ModSecurity shall keep a log of any possible attack which might take place, but shall not take any action to prevent it. The logs generated in passive or active mode shall present you with more details about the exact file that was attacked, the nature of the attack and the IP it originated from, etc. This information shall allow you to decide what steps you can take to enhance the security of your Internet sites, including blocking IPs or carrying out script and plugin updates. The ModSecurity rules we employ are updated constantly with a commercial bundle from a third-party security enterprise we work with, but occasionally our admins include their own rules too when they find a new potential threat.