ModSecurity is a potent web app layer firewall for Apache web servers. It monitors the entire HTTP traffic to a website without affecting its performance and when it identifies an intrusion attempt, it prevents it. The firewall also maintains a more thorough log for the site visitors than any server does, so you will be able to keep track of what's going on with your Internet sites much better than if you rely only on conventional logs. ModSecurity works with security rules based on which it helps prevent attacks. For instance, it detects whether anyone is trying to log in to the admin area of a particular script multiple times or if a request is sent to execute a file with a specific command. In these cases these attempts trigger the corresponding rules and the firewall program blocks the attempts instantly, then records in-depth information about them in its logs. ModSecurity is among the very best software firewalls on the market and it could easily protect your web applications against many threats and vulnerabilities, especially in case you don’t update them or their plugins often.

ModSecurity in Hosting

ModSecurity is available with every single hosting package which we offer and it's switched on by default for every domain or subdomain that you include via your Hepsia CP. In case it interferes with any of your programs or you'd like to disable it for some reason, you will be able to do that through the ModSecurity section of Hepsia with just a mouse click. You could also enable a passive mode, so the firewall will detect potential attacks and keep a log, but won't take any action. You could see detailed logs in the very same section, including the IP where the attack originated from, what precisely the attacker attempted to do and at what time, what ModSecurity did, and so forth. For max security of our clients we use a set of commercial firewall rules combined with custom ones that are provided by our system administrators.

ModSecurity in Semi-dedicated Hosting

All semi-dedicated hosting solutions that we offer include ModSecurity and since the firewall is turned on by default, any website that you build under a domain or a subdomain shall be secured straight away. An independent section in the Hepsia Control Panel which comes with the semi-dedicated accounts is devoted to ModSecurity and it shall permit you to start and stop the firewall for any site or switch on a detection mode. With the last option, ModSecurity shall not take any action, but it shall still identify possible attacks and will keep all information in a log as if it were 100% active. The logs could be found inside the same section of the CP and they offer info about the IP where an attack originated from, what its nature was, what rule ModSecurity applies to recognize and stop it, etcetera. The security rules we use on our web servers are a mix of commercial ones from a security company and custom ones made by our system admins. As a result, we provide higher security for your web programs as we can protect them from attacks before security firms release updates for new threats.

ModSecurity in VPS

ModSecurity is pre-installed on all virtual private servers that are offered with the Hepsia hosting Control Panel, so your web apps shall be secured from the moment your server is in a position. The firewall is switched on by default for any domain or subdomain on the Virtual Private Server, but if needed, you could deactivate it with a click through the corresponding section of Hepsia. You can also set it to function in detection mode, so it shall keep a detailed log of any possible attacks without taking any action to prevent them. The logs can be found in the same section and provide information regarding the nature of the attack, what IP address it came from and what ModSecurity rule was triggered to stop it. For maximum security, we use not only commercial rules from a business operating in the field of web security, but also custom ones that our admins add personally so as to react to new risks that are still not addressed in the commercial rules.

ModSecurity in Dedicated Hosting

If you choose to host your Internet sites on a dedicated server with the Hepsia Control Panel, your web programs will be secured right away as ModSecurity is available with all Hepsia-based plans. You will be able to control the firewall without difficulty and if needed, you will be able to turn it off or activate its passive mode when it'll only keep a log of what is happening without taking any action to prevent potential attacks. The logs that you'll find in the very same section of the CP are really detailed and include info about the attacker IP address, what site and file were attacked and in what ways, what rule the firewall employed to stop the intrusion, and so on. This information will enable you to take measures and increase the security of your sites even more. To be on the safe side, we employ not just commercial rules, but also custom-made ones which our admins include when they identify attacks which have not yet been included in the commercial pack.