ModSecurity is a highly effective firewall for Apache web servers which is employed to prevent attacks towards web applications. It keeps track of the HTTP traffic to a certain website in real time and blocks any intrusion attempts the instant it identifies them. The firewall relies on a set of rules to do this - as an illustration, trying to log in to a script admin area unsuccessfully a few times triggers one rule, sending a request to execute a certain file which may result in accessing the Internet site triggers another rule, etc. ModSecurity is amongst the best firewalls available and it will secure even scripts which are not updated frequently since it can prevent attackers from employing known exploits and security holes. Incredibly comprehensive data about every intrusion attempt is recorded and the logs the firewall maintains are a lot more detailed than the conventional logs created by the Apache server, so you can later analyze them and decide whether you need to take more measures so as to enhance the security of your script-driven sites.

ModSecurity in Shared Hosting

We provide ModSecurity with all shared hosting solutions, so your web applications will be shielded from destructive attacks. The firewall is activated as standard for all domains and subdomains, but if you'd like, you'll be able to stop it using the respective section of your Hepsia CP. You'll be able to also activate a detection mode, so ModSecurity shall keep a log as intended, but will not take any action. The logs which you will discover in Hepsia are quite detailed and offer data about the nature of any attack, when it took place and from what IP address, the firewall rule which was triggered, etc. We employ a set of commercial rules which are regularly updated, but sometimes our administrators include custom rules as well so as to better protect the sites hosted on our servers.

ModSecurity in Semi-dedicated Hosting

Any web app that you install inside your new semi-dedicated hosting account shall be protected by ModSecurity as the firewall is provided with all our hosting solutions and is switched on by default for any domain and subdomain which you include or create through your Hepsia hosting Control Panel. You'll be able to manage ModSecurity through a dedicated area inside Hepsia where not only can you activate or deactivate it fully, but you may also switch on a passive mode, so the firewall shall not block anything, but it will still keep an archive of potential attacks. This takes just a click and you will be able to look at the logs regardless of if ModSecurity is in active or passive mode through the same section - what the attack was and where it came from, how it was taken care of, and so on. The firewall uses 2 groups of rules on our machines - a commercial one that we get from a third-party web security provider and a custom one that our admins update manually as to respond to recently discovered threats as quickly as possible.

ModSecurity in VPS Web Hosting

All virtual private servers that are offered with the Hepsia CP include ModSecurity. The firewall is set up and turned on by default for all domains which are hosted on the web server, so there shall not be anything special which you'll have to do to protect your sites. It'll take you just a mouse click to stop ModSecurity if necessary or to activate its passive mode so that it records what occurs without taking any steps to prevent intrusions. You'll be able to see the logs produced in active or passive mode through the corresponding section of Hepsia and learn more about the form of the attack, where it originated from, what rule the firewall employed to deal with it, and so on. We employ a mix of commercial and custom rules in order to ensure that ModSecurity will stop as many threats as possible, therefore improving the security of your web apps as much as possible.

ModSecurity in Dedicated Servers Hosting

ModSecurity is provided as standard with all dedicated servers that are set up with the Hepsia Control Panel and is set to “Active” automatically for any domain you host or subdomain you create on the server. In the event that a web app does not operate properly, you could either switch off the firewall or set it to function in passive mode. The latter means that ModSecurity will keep a log of any possible attack which could occur, but will not take any action to prevent it. The logs created in active or passive mode will give you additional details about the exact file that was attacked, the form of the attack and the IP address it came from, etcetera. This info will allow you to choose what measures you can take to enhance the safety of your websites, such as blocking IPs or carrying out script and plugin updates. The ModSecurity rules we use are updated constantly with a commercial package from a third-party security firm we work with, but from time to time our administrators include their own rules also if they come across a new potential threat.