ModSecurity is an efficient firewall for Apache web servers which is employed to prevent attacks towards web applications. It tracks the HTTP traffic to a certain Internet site in real time and prevents any intrusion attempts as soon as it identifies them. The firewall relies on a set of rules to do this - as an illustration, attempting to log in to a script admin area unsuccessfully a few times sets off one rule, sending a request to execute a particular file that may result in accessing the site triggers a different rule, etcetera. ModSecurity is among the best firewalls out there and it'll secure even scripts which aren't updated regularly because it can prevent attackers from employing known exploits and security holes. Quite thorough information about each intrusion attempt is recorded and the logs the firewall keeps are far more detailed than the standard logs provided by the Apache server, so you could later take a look at them and decide if you need to take extra measures in order to boost the safety of your script-driven Internet sites.

ModSecurity in Shared Web Hosting

ModSecurity can be found with every shared web hosting package that we provide and it is turned on by default for any domain or subdomain which you include via your Hepsia Control Panel. If it interferes with any of your apps or you would like to disable it for some reason, you shall be able to accomplish that through the ModSecurity section of Hepsia with just a mouse click. You can also use a passive mode, so the firewall will identify possible attacks and maintain a log, but shall not take any action. You'll be able to see extensive logs in the exact same section, including the IP where the attack originated from, what exactly the attacker tried to do and at what time, what ModSecurity did, and so on. For max protection of our customers we use a set of commercial firewall rules mixed with custom ones that are included by our system administrators.

ModSecurity in Semi-dedicated Hosting

We have included ModSecurity by default in all semi-dedicated hosting packages, so your web apps shall be protected whenever you set them up under any domain or subdomain. The Hepsia Control Panel that is included with the semi-dedicated accounts will permit you to enable or turn off the firewall for any website with a mouse click. You will also have the ability to activate a passive detection mode with which ModSecurity shall maintain a log of possible attacks without really stopping them. The comprehensive logs include things like the nature of the attack and what ModSecurity response this attack initiated, where it originated from, and so forth. The list of rules that we use is constantly updated in order to match any new risks that could appear on the Internet and it includes both commercial rules that we get from a security corporation and custom-written ones that our administrators add in case they discover a threat which is not present inside the commercial list yet.

ModSecurity in VPS Hosting

Security is essential to us, so we install ModSecurity on all virtual private servers which are provided with the Hepsia CP by default. The firewall could be managed through a dedicated section within Hepsia and is activated automatically when you add a new domain or generate a subdomain, so you'll not have to do anything manually. You shall also be able to deactivate it or switch on the so-called detection mode, so it will keep a log of potential attacks you can later analyze, but won't prevent them. The logs in both passive and active modes include info regarding the type of the attack and how it was eliminated, what IP it came from and other useful information that could help you to tighten the security of your sites by updating them or blocking IPs, for instance. On top of the commercial rules we get for ModSecurity from a third-party security enterprise, we also use our own rules because every now and then we find specific attacks which are not yet present within the commercial pack. This way, we could boost the security of your Virtual private server promptly as opposed to waiting for an official update.

ModSecurity in Dedicated Web Hosting

All our dedicated servers which are installed with the Hepsia hosting CP come with ModSecurity, so any application which you upload or set up shall be secured from the very beginning and you won't have to bother about common attacks or vulnerabilities. A separate section in Hepsia will allow you to start or stop the firewall for every domain or subdomain, or switch on a detection mode so that it records information regarding intrusions, but does not take actions to prevent them. What you will see in the logs shall allow you to to secure your sites better - the IP an attack came from, what website was attacked as well as how, what ModSecurity rule was triggered, etc. With this data, you can see if a site needs an update, if you should block IPs from accessing your web server, and so on. On top of the third-party commercial security rules for ModSecurity that we use, our administrators add custom ones too if they discover a new threat which is not yet a part of the commercial bundle.