ModSecurity is a powerful firewall for Apache web servers which is used to prevent attacks toward web applications. It keeps track of the HTTP traffic to a particular site in real time and stops any intrusion attempts as soon as it detects them. The firewall relies on a set of rules to do that - for instance, attempting to log in to a script admin area unsuccessfully a few times sets off one rule, sending a request to execute a certain file that could result in accessing the Internet site triggers another rule, etcetera. ModSecurity is amongst the best firewalls available on the market and it'll secure even scripts which are not updated often because it can prevent attackers from employing known exploits and security holes. Very comprehensive information about every intrusion attempt is recorded and the logs the firewall maintains are a lot more specific than the standard logs provided by the Apache server, so you could later take a look at them and determine if you need to take additional measures in order to increase the protection of your script-driven Internet sites.

ModSecurity in Shared Web Hosting

ModSecurity comes standard with all shared web hosting packages that we provide and it'll be turned on automatically for any domain or subdomain which you add/create within your Hepsia hosting CP. The firewall has 3 different modes, so you can switch on and deactivate it with only a mouse click or set it to detection mode, so it will keep a log of all attacks, but it shall not do anything to prevent them. The log for each of your websites shall include in-depth info such as the nature of the attack, where it came from, what action was taken by ModSecurity, and so on. The firewall rules we use are regularly updated and consist of both commercial ones we get from a third-party security business and custom ones that our system admins add in case that they detect a new sort of attacks. That way, the websites which you host here shall be far more protected without any action required on your end.

ModSecurity in Semi-dedicated Servers

We have integrated ModSecurity as a standard within all semi-dedicated server packages, so your web applications shall be protected the instant you set them up under any domain or subdomain. The Hepsia Control Panel that comes with the semi-dedicated accounts shall permit you to enable or turn off the firewall for any Internet site with a mouse click. You shall also have the ability to activate a passive detection mode in which ModSecurity shall maintain a log of possible attacks without actually stopping them. The detailed logs include things like the nature of the attack and what ModSecurity response this attack initiated, where it came from, etc. The list of rules we employ is constantly updated in order to match any new threats which could appear on the Internet and it consists of both commercial rules that we get from a security business and custom-written ones that our administrators add in case they discover a threat that's not present in the commercial list yet.

ModSecurity in VPS Servers

Safety is very important to us, so we set up ModSecurity on all VPS servers which are made available with the Hepsia CP by default. The firewall could be managed via a dedicated section in Hepsia and is activated automatically when you include a new domain or create a subdomain, so you won't have to do anything manually. You will also be able to deactivate it or turn on the so-called detection mode, so it will keep a log of potential attacks that you can later examine, but will not prevent them. The logs in both passive and active modes include information regarding the form of the attack and how it was prevented, what IP address it originated from and other useful information that might help you to tighten the security of your websites by updating them or blocking IPs, as an example. Besides the commercial rules that we get for ModSecurity from a third-party security enterprise, we also employ our own rules since every now and then we find specific attacks which are not yet present within the commercial package. That way, we could increase the security of your VPS promptly rather than awaiting an official update.

ModSecurity in Dedicated Servers

When you decide to host your websites on a dedicated server with the Hepsia Control Panel, your web apps will be secured right from the start because ModSecurity is available with all Hepsia-based solutions. You will be able to regulate the firewall with ease and if necessary, you shall be able to turn it off or enable its passive mode when it will only maintain a log of what is taking place without taking any action to prevent potential attacks. The logs which you will find in the same section of the CP are quite detailed and contain details about the attacker IP, what website and file were attacked and in what way, what rule the firewall employed to stop the intrusion, and so forth. This data will enable you to take measures and improve the protection of your sites even more. To be on the safe side, we use not just commercial rules, but also custom-made ones that our admins include whenever they detect attacks that have not yet been included inside the commercial pack.