ModSecurity is a powerful web application layer firewall for Apache web servers. It monitors the entire HTTP traffic to an Internet site without affecting its operation and in case it discovers an intrusion attempt, it prevents it. The firewall additionally keeps a more comprehensive log for the site visitors than any server does, so you shall be able to monitor what's going on with your sites a lot better than if you rely merely on standard logs. ModSecurity works with security rules based on which it helps prevent attacks. For example, it recognizes whether somebody is trying to log in to the administration area of a specific script a number of times or if a request is sent to execute a file with a particular command. In these instances these attempts set off the corresponding rules and the firewall blocks the attempts immediately, then records comprehensive details about them in its logs. ModSecurity is one of the most effective software firewalls available and it could easily protect your web applications against thousands of threats and vulnerabilities, especially in case you don’t update them or their plugins often.

ModSecurity in Cloud Website Hosting

ModSecurity comes standard with all cloud website hosting packages that we provide and it will be turned on automatically for any domain or subdomain which you add/create inside your Hepsia hosting Control Panel. The firewall has 3 different modes, so you'll be able to activate and deactivate it with just a mouse click or set it to detection mode, so it'll keep a log of all attacks, but it will not do anything to prevent them. The log for each of your Internet sites will feature detailed information including the nature of the attack, where it originated from, what action was taken by ModSecurity, and so on. The firewall rules we use are regularly updated and incorporate both commercial ones which we get from a third-party security firm and custom ones our system admins include in case that they detect a new kind of attacks. In this way, the websites you host here shall be way more protected without any action required on your end.

ModSecurity in Semi-dedicated Hosting

ModSecurity is part of our semi-dedicated hosting solutions and if you opt to host your sites with our company, there will not be anything special you'll have to do given that the firewall is turned on by default for all domains and subdomains that you add using your hosting Control Panel. If needed, you could disable ModSecurity for a certain website or activate the so-called detection mode in which case the firewall will still operate and record data, but shall not do anything to prevent potential attacks against your sites. Thorough logs will be accessible within your Control Panel and you'll be able to see what sort of attacks occurred, what security rules were triggered and how the firewall dealt with the threats, what Internet protocol addresses the attacks came from, and so forth. We employ two sorts of rules on our servers - commercial ones from a business which operates in the field of web security, and custom made ones that our admins sometimes include to respond to newly discovered threats in a timely manner.

ModSecurity in VPS Web Hosting

Protection is of the utmost importance to us, so we install ModSecurity on all virtual private servers which are made available with the Hepsia CP by default. The firewall could be managed through a dedicated section within Hepsia and is activated automatically when you include a new domain or generate a subdomain, so you won't have to do anything personally. You'll also be able to deactivate it or turn on the so-called detection mode, so it shall keep a log of possible attacks that you can later examine, but won't stop them. The logs in both passive and active modes offer information regarding the type of the attack and how it was eliminated, what IP address it came from and other valuable info which may help you to tighten the security of your websites by updating them or blocking IPs, for example. Beyond the commercial rules we get for ModSecurity from a third-party security firm, we also implement our own rules since once in a while we identify specific attacks that aren't yet present inside the commercial group. This way, we could boost the security of your Virtual private server promptly instead of waiting for a certified update.

ModSecurity in Dedicated Servers Hosting

ModSecurity is offered by default with all dedicated servers that are set up with the Hepsia Control Panel and is set to “Active” automatically for any domain which you host or subdomain which you create on the server. In case that a web app doesn't operate properly, you may either turn off the firewall or set it to operate in passive mode. The second means that ModSecurity shall keep a log of any possible attack that might happen, but shall not take any action to prevent it. The logs generated in active or passive mode will provide you with additional details about the exact file which was attacked, the nature of the attack and the IP it came from, and so on. This data will allow you to determine what steps you can take to boost the safety of your websites, including blocking IPs or carrying out script and plugin updates. The ModSecurity rules that we employ are updated frequently with a commercial bundle from a third-party security provider we work with, but from time to time our administrators include their own rules as well if they identify a new potential threat.