ModSecurity is a highly effective web app layer firewall for Apache web servers. It monitors the entire HTTP traffic to a site without affecting its overall performance and in case it detects an intrusion attempt, it blocks it. The firewall additionally keeps a more comprehensive log for the site visitors than any server does, so you shall manage to keep an eye on what's going on with your websites better than if you rely only on standard logs. ModSecurity works with security rules based on which it helps prevent attacks. For instance, it detects if anyone is attempting to log in to the admin area of a given script several times or if a request is sent to execute a file with a particular command. In these cases these attempts trigger the corresponding rules and the software blocks the attempts in real time, after that records in-depth details about them inside its logs. ModSecurity is amongst the best software firewalls on the market and it can protect your web applications against thousands of threats and vulnerabilities, particularly if you don’t update them or their plugins often.

ModSecurity in Hosting

ModSecurity comes standard with all hosting plans that we offer and it will be turned on automatically for any domain or subdomain that you add/create inside your Hepsia hosting CP. The firewall has three different modes, so you'll be able to activate and deactivate it with a mouse click or set it to detection mode, so it shall maintain a log of all attacks, but it will not do anything to stop them. The log for any of your websites will feature detailed information including the nature of the attack, where it came from, what action was taken by ModSecurity, etcetera. The firewall rules that we use are frequently updated and consist of both commercial ones that we get from a third-party security business and custom ones that our system admins add in case that they detect a new sort of attacks. This way, the sites which you host here shall be a lot more secure without any action required on your end.

ModSecurity in Semi-dedicated Servers

All semi-dedicated server solutions which we offer feature ModSecurity and since the firewall is switched on by default, any Internet site which you set up under a domain or a subdomain shall be protected straight away. An individual section within the Hepsia CP which comes with the semi-dedicated accounts is devoted to ModSecurity and it shall allow you to stop and start the firewall for any website or activate a detection mode. With the last mentioned, ModSecurity shall not take any action, but it will still detect possible attacks and will keep all information in a log as if it were completely active. The logs could be found within the same section of the Control Panel and they include info about the IP where an attack came from, what its nature was, what rule ModSecurity applies to recognize and stop it, and so on. The security rules we employ on our machines are a mix of commercial ones from a security company and custom ones developed by our system administrators. Consequently, we provide higher security for your web apps as we can shield them from attacks before security corporations release updates for new threats.

ModSecurity in VPS Servers

ModSecurity is pre-installed on all VPS servers that are set up with the Hepsia hosting CP, so your web apps shall be protected from the instant your server is ready. The firewall is turned on by default for any domain or subdomain on the Virtual Private Server, but if required, you'll be able to disable it with a click of your mouse via the corresponding section of Hepsia. You can also set it to work in detection mode, so it'll maintain a detailed log of any possible attacks without taking any action to prevent them. The logs can be found in the same section and offer information about the nature of the attack, what IP address it came from and what ModSecurity rule was activated to stop it. For best security, we employ not just commercial rules from a business working in the field of web security, but also custom ones that our admins include personally so as to react to new threats that are still not tackled in the commercial rules.

ModSecurity in Dedicated Servers

All of our dedicated servers which are installed with the Hepsia hosting CP come with ModSecurity, so any application you upload or set up shall be properly secured from the very beginning and you won't need to worry about common attacks or vulnerabilities. An individual section inside Hepsia will enable you to start or stop the firewall for every domain or subdomain, or turn on a detection mode so that it records information regarding intrusions, but does not take actions to stop them. What you shall find in the logs shall allow you to to secure your websites better - the IP address an attack originated from, what website was attacked and how, what ModSecurity rule was triggered, and so on. With this info, you can see whether a site needs an update, whether you ought to block IPs from accessing your web server, and so forth. Aside from the third-party commercial security rules for ModSecurity that we use, our admins include custom ones too when they discover a new threat that's not yet included in the commercial bundle.