ModSecurity is a potent web application layer firewall for Apache web servers. It monitors the whole HTTP traffic to a website without affecting its functionality and if it identifies an intrusion attempt, it prevents it. The firewall furthermore maintains a more detailed log for the traffic than any web server does, so you shall manage to monitor what's going on with your Internet sites a lot better than if you rely merely on conventional logs. ModSecurity employs security rules based on which it stops attacks. For instance, it identifies whether someone is trying to log in to the administrator area of a specific script a number of times or if a request is sent to execute a file with a particular command. In these instances these attempts set off the corresponding rules and the firewall hinders the attempts in real time, after that records detailed information about them within its logs. ModSecurity is one of the best software firewalls available and it can easily protect your web applications against thousands of threats and vulnerabilities, especially if you don’t update them or their plugins frequently.

ModSecurity in Cloud Hosting

ModSecurity comes standard with all cloud hosting plans which we offer and it shall be switched on automatically for any domain or subdomain you add/create within your Hepsia hosting CP. The firewall has 3 different modes, so you could switch on and deactivate it with simply a click or set it to detection mode, so it'll keep a log of all attacks, but it'll not do anything to stop them. The log for each of your sites shall include comprehensive information including the nature of the attack, where it came from, what action was taken by ModSecurity, and so forth. The firewall rules which we use are frequently updated and include both commercial ones that we get from a third-party security company and custom ones which our system administrators add in case that they detect a new type of attacks. That way, the Internet sites you host here shall be much more secure with no action needed on your end.

ModSecurity in Semi-dedicated Hosting

We've incorporated ModSecurity as a standard in all semi-dedicated hosting products, so your web applications shall be protected as soon as you set them up under any domain or subdomain. The Hepsia Control Panel that comes with the semi-dedicated accounts shall permit you to activate or turn off the firewall for any website with a mouse click. You shall also be able to turn on a passive detection mode with which ModSecurity will maintain a log of potential attacks without really stopping them. The comprehensive logs include the nature of the attack and what ModSecurity response this attack triggered, where it originated from, etcetera. The list of rules which we use is regularly updated in order to match any new risks that may appear on the Internet and it comes with both commercial rules that we get from a security firm and custom-written ones that our administrators include if they discover a threat that's not present inside the commercial list yet.

ModSecurity in VPS Hosting

All virtual private servers that are set up with the Hepsia CP come with ModSecurity. The firewall is installed and switched on by default for all domains that are hosted on the web server, so there won't be anything special that you'll need to do to protect your Internet sites. It shall take you simply a click to stop ModSecurity if necessary or to switch on its passive mode so that it records what goes on without taking any actions to stop intrusions. You'll be able to see the logs produced in passive or active mode from the corresponding section of Hepsia and find out more about the type of the attack, where it originated from, what rule the firewall used to take care of it, etcetera. We use a combination of commercial and custom rules so as to ensure that ModSecurity shall prevent as many threats as possible, hence improving the protection of your web apps as much as possible.

ModSecurity in Dedicated Web Hosting

ModSecurity is included with all dedicated servers which are set up with our Hepsia CP and you won't need to do anything specific on your end to employ it since it's switched on by default every time you add a new domain or subdomain on your hosting server. In case it disrupts some of your applications, you shall be able to stop it via the respective section of Hepsia, or you may leave it in passive mode, so it'll detect attacks and will still maintain a log for them, but shall not block them. You'll be able to analyze the logs later to find out what you can do to boost the security of your websites as you will find details such as where an intrusion attempt originated from, what site was attacked and based upon what rule ModSecurity reacted, etc. The rules which we use are commercial, hence they are frequently updated by a security company, but to be on the safe side, our administrators also add custom rules every now and then in order to react to any new threats they have found.