ModSecurity is a highly effective web app layer firewall for Apache web servers. It monitors the whole HTTP traffic to a website without affecting its operation and if it discovers an intrusion attempt, it blocks it. The firewall also maintains a more comprehensive log for the traffic than any server does, so you'll manage to keep track of what is going on with your Internet sites a lot better than if you rely only on conventional logs. ModSecurity employs security rules based on which it prevents attacks. For instance, it recognizes if anyone is trying to log in to the administration area of a specific script multiple times or if a request is sent to execute a file with a particular command. In these instances these attempts trigger the corresponding rules and the software hinders the attempts in real time, after that records detailed info about them inside its logs. ModSecurity is amongst the most effective software firewalls out there and it can easily protect your web applications against a large number of threats and vulnerabilities, particularly in case you don’t update them or their plugins frequently.

ModSecurity in Shared Hosting

ModSecurity is provided with all shared hosting machines, so if you opt to host your Internet sites with our firm, they will be resistant to a wide range of attacks. The firewall is turned on by default for all domains and subdomains, so there will be nothing you will have to do on your end. You shall be able to stop ModSecurity for any Internet site if needed, or to switch on a detection mode, so all activity shall be recorded, but the firewall shall not take any real action. You will be able to view detailed logs using your Hepsia CP including the IP address where the attack originated from, what the attacker planned to do and how ModSecurity addressed the threat. As we take the protection of our customers' sites seriously, we use a group of commercial rules that we take from one of the leading firms that maintain this kind of rules. Our admins also add custom rules to make certain that your Internet sites will be resistant to as many threats as possible.

ModSecurity in Semi-dedicated Hosting

All semi-dedicated hosting solutions which we offer come with ModSecurity and since the firewall is turned on by default, any website that you set up under a domain or a subdomain shall be secured immediately. An independent section within the Hepsia CP which comes with the semi-dedicated accounts is devoted to ModSecurity and it shall allow you to stop and start the firewall for any site or enable a detection mode. With the last mentioned, ModSecurity shall not take any action, but it shall still detect possible attacks and shall keep all information within a log as if it were 100% active. The logs could be found within the exact same section of the CP and they offer specifics about the IP where an attack came from, what its nature was, what rule ModSecurity applies to detect and stop it, and so on. The security rules which we use on our web servers are a mix between commercial ones from a security firm and custom ones developed by our system admins. Therefore, we provide increased security for your web applications as we can defend them from attacks before security companies release updates for completely new threats.

ModSecurity in VPS Hosting

Security is essential to us, so we install ModSecurity on all virtual private servers that are made available with the Hepsia CP by default. The firewall could be managed through a dedicated section within Hepsia and is switched on automatically when you add a new domain or create a subdomain, so you won't need to do anything personally. You will also be able to deactivate it or turn on the so-called detection mode, so it shall maintain a log of possible attacks you can later study, but will not prevent them. The logs in both passive and active modes include information about the kind of the attack and how it was stopped, what IP it originated from and other valuable data which could help you to tighten the security of your sites by updating them or blocking IPs, as an example. In addition to the commercial rules we get for ModSecurity from a third-party security company, we also employ our own rules since once in a while we identify specific attacks that are not yet present in the commercial pack. That way, we can easily boost the protection of your Virtual private server instantly rather than awaiting an official update.

ModSecurity in Dedicated Web Hosting

ModSecurity is included with all dedicated servers which are integrated with our Hepsia CP and you will not have to do anything specific on your end to use it since it is enabled by default whenever you add a new domain or subdomain on your hosting server. If it interferes with some of your applications, you'll be able to stop it via the respective section of Hepsia, or you could leave it operating in passive mode, so it'll identify attacks and will still keep a log for them, but won't prevent them. You could look at the logs later to learn what you can do to enhance the protection of your websites as you will find info such as where an intrusion attempt originated from, what Internet site was attacked and based on what rule ModSecurity reacted, and so forth. The rules that we use are commercial, thus they are regularly updated by a security provider, but to be on the safe side, our staff also include custom rules occasionally in order to respond to any new threats they have discovered.