ModSecurity is a highly effective web app layer firewall for Apache web servers. It monitors the entire HTTP traffic to a site without affecting its overall performance and when it identifies an intrusion attempt, it blocks it. The firewall additionally maintains a more comprehensive log for the website visitors than any web server does, so you will manage to keep an eye on what's going on with your sites better than if you rely only on conventional logs. ModSecurity employs security rules based on which it helps prevent attacks. For example, it recognizes if anyone is trying to log in to the administration area of a given script a number of times or if a request is sent to execute a file with a certain command. In these circumstances these attempts trigger the corresponding rules and the firewall software blocks the attempts right away, and then records detailed information about them inside its logs. ModSecurity is one of the best software firewalls out there and it could easily protect your web applications against thousands of threats and vulnerabilities, especially in case you don’t update them or their plugins regularly.

ModSecurity in Hosting

ModSecurity is supplied with all hosting servers, so if you choose to host your sites with our firm, they'll be shielded from a wide range of attacks. The firewall is enabled as standard for all domains and subdomains, so there'll be nothing you shall need to do on your end. You'll be able to stop ModSecurity for any Internet site if necessary, or to activate a detection mode, so that all activity will be recorded, but the firewall won't take any real action. You shall be able to view detailed logs through your Hepsia Control Panel including the IP address where the attack came from, what the attacker wished to do and how ModSecurity handled the threat. As we take the protection of our clients' websites very seriously, we employ a set of commercial rules that we take from one of the best companies that maintain this type of rules. Our administrators also add custom rules to make sure that your sites shall be resistant to as many threats as possible.

ModSecurity in Semi-dedicated Hosting

We have included ModSecurity by default within all semi-dedicated hosting packages, so your web apps will be protected the instant you install them under any domain or subdomain. The Hepsia Control Panel that comes with the semi-dedicated accounts shall permit you to switch on or turn off the firewall for any website with a click. You'll also be able to switch on a passive detection mode through which ModSecurity will maintain a log of potential attacks without really stopping them. The thorough logs include things like the nature of the attack and what ModSecurity response this attack triggered, where it came from, and so on. The list of rules which we use is regularly updated as to match any new risks which might appear on the Internet and it consists of both commercial rules that we get from a security firm and custom-written ones which our administrators add if they discover a threat which is not present in the commercial list yet.

ModSecurity in VPS Hosting

ModSecurity is provided with all Hepsia-based virtual private servers we offer and it shall be turned on automatically for any new domain or subdomain which you add on the hosting server. In this way, any web application which you install shall be secured right away without doing anything by hand on your end. The firewall may be managed via the section of the Control Panel which bears the same name. This is the place whereyou'll be able to turn off ModSecurity or let its passive mode, so it won't take any action against threats, but shall still keep a detailed log. The recorded data is available inside the same area as well and you will be able to see what IPs any attacks originated from so that you stop them, what the nature of the attempted attacks was and in accordance with what security rules ModSecurity reacted. The rules which we use on our servers are a blend between commercial ones which we get from a security firm and custom ones which are included by our admins to enhance the security of any web applications hosted on our end.

ModSecurity in Dedicated Web Hosting

ModSecurity is offered as standard with all dedicated servers that are set up with the Hepsia Control Panel and is set to “Active” automatically for any domain you host or subdomain you create on the web server. Just in case that a web application doesn't function correctly, you could either disable the firewall or set it to work in passive mode. The second means that ModSecurity will keep a log of any potential attack that could happen, but won't take any action to stop it. The logs produced in passive or active mode shall offer you additional details about the exact file which was attacked, the type of the attack and the IP address it came from, and so on. This information will enable you to decide what actions you can take to improve the security of your websites, for instance blocking IPs or performing script and plugin updates. The ModSecurity rules we employ are updated constantly with a commercial package from a third-party security company we work with, but oftentimes our staff include their own rules as well in the event that they find a new potential threat.