ModSecurity is a powerful web application layer firewall for Apache web servers. It monitors the entire HTTP traffic to a site without affecting its performance and if it discovers an intrusion attempt, it prevents it. The firewall additionally maintains a more thorough log for the website visitors than any server does, so you will be able to keep track of what's going on with your Internet sites much better than if you rely simply on conventional logs. ModSecurity works with security rules based on which it prevents attacks. For instance, it detects if somebody is attempting to log in to the administration area of a certain script multiple times or if a request is sent to execute a file with a particular command. In these cases these attempts set off the corresponding rules and the firewall hinders the attempts instantly, and then records detailed info about them within its logs. ModSecurity is one of the very best software firewalls out there and it can protect your web apps against a large number of threats and vulnerabilities, especially if you don’t update them or their plugins frequently.

ModSecurity in Web Hosting

ModSecurity is provided with all web hosting web servers, so when you choose to host your sites with our organization, they shall be shielded from an array of attacks. The firewall is enabled by default for all domains and subdomains, so there'll be nothing you'll need to do on your end. You'll be able to stop ModSecurity for any site if needed, or to enable a detection mode, so all activity shall be recorded, but the firewall shall not take any real action. You shall be able to view detailed logs via your Hepsia CP including the IP where the attack came from, what the attacker wished to do and how ModSecurity addressed the threat. As we take the safety of our customers' sites very seriously, we employ a group of commercial rules that we get from one of the leading firms that maintain such rules. Our admins also add custom rules to ensure that your Internet sites shall be protected against as many risks as possible.

ModSecurity in Semi-dedicated Servers

All semi-dedicated server solutions which we offer come with ModSecurity and since the firewall is turned on by default, any website that you create under a domain or a subdomain will be secured straight away. An individual section within the Hepsia Control Panel which comes with the semi-dedicated accounts is devoted to ModSecurity and it'll permit you to start and stop the firewall for any website or enable a detection mode. With the last option, ModSecurity will not take any action, but it shall still detect possible attacks and shall keep all data inside a log as if it were completely active. The logs could be found within the same section of the Control Panel and they include information about the IP where an attack originated from, what its nature was, what rule ModSecurity applies to identify and stop it, etcetera. The security rules which we employ on our web servers are a mix of commercial ones from a security business and custom ones created by our system admins. Therefore, we offer increased security for your web programs as we can defend them from attacks even before security firms release updates for completely new threats.

ModSecurity in VPS Servers

ModSecurity comes with all Hepsia-based VPS servers that we offer and it'll be turned on automatically for any new domain or subdomain which you include on the server. This way, any web app which you install shall be protected right from the start without doing anything personally on your end. The firewall can be managed through the section of the Control Panel which has the same name. This is the location in whichyou can turn off ModSecurity or activate its passive mode, so it will not take any action towards threats, but shall still maintain a thorough log. The recorded information is available inside the same section as well and you will be able to see what IPs any attacks originated from to enable you to stop them, what the nature of the attempted attacks was and based on what security rules ModSecurity responded. The rules we use on our servers are a combination between commercial ones we obtain from a security company and custom ones which are added by our administrators to maximize the protection of any web applications hosted on our end.

ModSecurity in Dedicated Servers

ModSecurity comes with all dedicated servers that are integrated with our Hepsia CP and you'll not need to do anything specific on your end to employ it since it's switched on by default each time you add a new domain or subdomain on your hosting server. In the event that it interferes with some of your applications, you'll be able to stop it through the respective part of Hepsia, or you can leave it in passive mode, so it'll identify attacks and shall still keep a log for them, but shall not prevent them. You could analyze the logs later to find out what you can do to improve the protection of your Internet sites since you shall find info such as where an intrusion attempt came from, what Internet site was attacked and in accordance with what rule ModSecurity responded, etcetera. The rules that we use are commercial, therefore they are regularly updated by a security provider, but to be on the safe side, our administrators also add custom rules from time to time in order to respond to any new threats they have identified.