ModSecurity is a potent web application layer firewall for Apache web servers. It monitors the entire HTTP traffic to a site without affecting its overall performance and if it identifies an intrusion attempt, it blocks it. The firewall also maintains a more comprehensive log for the site visitors than any server does, so you'll manage to monitor what's going on with your sites a lot better than if you rely only on standard logs. ModSecurity employs security rules based on which it prevents attacks. For example, it recognizes if somebody is trying to log in to the administration area of a particular script multiple times or if a request is sent to execute a file with a certain command. In such instances these attempts set off the corresponding rules and the software hinders the attempts right away, then records in-depth info about them within its logs. ModSecurity is among the very best software firewalls out there and it can protect your web applications against a large number of threats and vulnerabilities, especially if you don’t update them or their plugins often.

ModSecurity in Cloud Hosting

ModSecurity comes by default with all cloud hosting solutions which we provide and it shall be turned on automatically for any domain or subdomain which you add/create inside your Hepsia hosting CP. The firewall has 3 different modes, so you'll be able to activate and disable it with a mouse click or set it to detection mode, so it will maintain a log of all attacks, but it shall not do anything to stop them. The log for each of your sites shall contain detailed info such as the nature of the attack, where it originated from, what action was taken by ModSecurity, and so forth. The firewall rules which we use are regularly updated and incorporate both commercial ones which we get from a third-party security company and custom ones that our system admins include in case that they detect a new type of attacks. This way, the sites which you host here shall be far more secure without any action needed on your end.

ModSecurity in Semi-dedicated Servers

ModSecurity is part of our semi-dedicated server solutions and if you decide to host your websites with our company, there will not be anything special you'll need to do as the firewall is activated by default for all domains and subdomains you add via your hosting CP. If required, you can disable ModSecurity for a certain website or switch on the so-called detection mode in which case the firewall shall still function and record information, but won't do anything to prevent possible attacks on your sites. Detailed logs shall be accessible in your Control Panel and you will be able to see what sort of attacks occurred, what security rules were triggered and how the firewall dealt with the threats, what Internet protocol addresses the attacks originated from, and so on. We employ two sorts of rules on our servers - commercial ones from an organization that operates in the field of web security, and custom ones which our administrators occasionally add to respond to newly identified threats in a timely manner.

ModSecurity in VPS Servers

Security is vital to us, so we set up ModSecurity on all VPS servers which are provided with the Hepsia CP as a standard. The firewall can be managed through a dedicated section inside Hepsia and is turned on automatically when you add a new domain or create a subdomain, so you will not have to do anything personally. You shall also be able to disable it or switch on the so-called detection mode, so it shall maintain a log of possible attacks that you can later study, but shall not block them. The logs in both passive and active modes contain info about the form of the attack and how it was stopped, what IP address it came from and other useful info which could help you to tighten the security of your websites by updating them or blocking IPs, for instance. Besides the commercial rules which we get for ModSecurity from a third-party security firm, we also implement our own rules as every now and then we discover specific attacks that are not yet present within the commercial group. That way, we can enhance the security of your VPS right away instead of awaiting a certified update.

ModSecurity in Dedicated Servers

If you decide to host your sites on a dedicated server with the Hepsia Control Panel, your web apps shall be secured right away as ModSecurity is provided with all Hepsia-based plans. You'll be able to manage the firewall without difficulty and if needed, you shall be able to turn it off or enable its passive mode when it shall only maintain a log of what is occurring without taking any action to stop potential attacks. The logs that you can find within the exact same section of the CP are incredibly detailed and include information about the attacker IP, what site and file were attacked and in what ways, what rule the firewall used to prevent the intrusion, and so on. This data will enable you to take measures and increase the security of your sites even more. To be on the safe side, we use not only commercial rules, but also custom-made ones that our administrators add every time they detect attacks that haven't yet been included in the commercial pack.