ModSecurity is an effective firewall for Apache web servers which is employed to stop attacks towards web apps. It keeps track of the HTTP traffic to a specific site in real time and blocks any intrusion attempts the moment it discovers them. The firewall relies on a set of rules to do that - for example, attempting to log in to a script admin area unsuccessfully many times triggers one rule, sending a request to execute a specific file which may result in gaining access to the Internet site triggers a different rule, and so on. ModSecurity is one of the best firewalls out there and it'll protect even scripts that aren't updated on a regular basis since it can prevent attackers from employing known exploits and security holes. Quite thorough data about every single intrusion attempt is recorded and the logs the firewall keeps are considerably more specific than the standard logs provided by the Apache server, so you could later examine them and determine if you need to take more measures in order to increase the safety of your script-driven websites.

ModSecurity in Shared Hosting

ModSecurity is supplied with all shared hosting machines, so when you decide to host your sites with our organization, they'll be resistant to an array of attacks. The firewall is enabled as standard for all domains and subdomains, so there'll be nothing you shall have to do on your end. You will be able to stop ModSecurity for any site if needed, or to switch on a detection mode, so that all activity shall be recorded, but the firewall won't take any real action. You will be able to view specific logs through your Hepsia CP including the IP address where the attack originated from, what the attacker wanted to do and how ModSecurity handled the threat. Since we take the safety of our clients' websites very seriously, we use a set of commercial rules that we take from one of the best companies that maintain this type of rules. Our administrators also add custom rules to ensure that your Internet sites will be resistant to as many threats as possible.

ModSecurity in Semi-dedicated Hosting

Any web application you install inside your new semi-dedicated hosting account shall be protected by ModSecurity as the firewall comes with all our hosting packages and is switched on by default for any domain and subdomain you add or create through your Hepsia hosting CP. You'll be able to manage ModSecurity via a dedicated area within Hepsia where not only can you activate or deactivate it entirely, but you may also activate a passive mode, so the firewall shall not stop anything, but it will still keep a record of potential attacks. This normally requires simply a click and you shall be able to view the logs no matter if ModSecurity is in passive or active mode through the same section - what the attack was and where it came from, how it was dealt with, etc. The firewall employs two sets of rules on our machines - a commercial one that we get from a third-party web security company and a custom one that our admins update manually as to respond to newly discovered threats immediately.

ModSecurity in VPS Hosting

ModSecurity is included with all Hepsia-based virtual private servers we offer and it'll be activated automatically for every new domain or subdomain which you include on the web server. That way, any web application that you install will be secured immediately without doing anything by hand on your end. The firewall may be handled from the section of the CP that has the same name. This is the location whereyou can turn off ModSecurity or let its passive mode, so it will not take any action toward threats, but shall still keep a thorough log. The recorded information is available in the same area as well and you'll be able to see what IPs any attacks originated from so that you can stop them, what the nature of the attempted attacks was and based on what security rules ModSecurity responded. The rules that we use on our servers are a mixture between commercial ones which we get from a security company and custom ones that are included by our administrators to enhance the security of any web applications hosted on our end.

ModSecurity in Dedicated Web Hosting

ModSecurity is provided as standard with all dedicated servers which are set up with the Hepsia CP and is set to “Active” automatically for any domain you host or subdomain which you create on the server. In the event that a web app doesn't operate properly, you may either turn off the firewall or set it to function in passive mode. The latter means that ModSecurity shall keep a log of any potential attack that may occur, but shall not take any action to prevent it. The logs created in active or passive mode shall offer you additional details about the exact file that was attacked, the nature of the attack and the IP address it came from, etcetera. This data shall permit you to decide what measures you can take to increase the safety of your Internet sites, such as blocking IPs or performing script and plugin updates. The ModSecurity rules that we use are updated frequently with a commercial bundle from a third-party security firm we work with, but from time to time our administrators include their own rules as well in the event that they find a new potential threat.