ModSecurity is an effective firewall for Apache web servers which is employed to stop attacks toward web applications. It monitors the HTTP traffic to a certain Internet site in real time and blocks any intrusion attempts as soon as it discovers them. The firewall uses a set of rules to accomplish that - as an illustration, attempting to log in to a script administrator area without success several times sets off one rule, sending a request to execute a specific file that could result in gaining access to the website triggers another rule, etcetera. ModSecurity is among the best firewalls around and it will preserve even scripts which aren't updated on a regular basis since it can prevent attackers from employing known exploits and security holes. Incredibly thorough information about each and every intrusion attempt is recorded and the logs the firewall maintains are considerably more detailed than the conventional logs provided by the Apache server, so you can later analyze them and decide whether you need to take extra measures in order to enhance the safety of your script-driven Internet sites.

ModSecurity in Web Hosting

ModSecurity is supplied with all web hosting machines, so if you choose to host your websites with our business, they will be shielded from a wide range of attacks. The firewall is enabled by default for all domains and subdomains, so there will be nothing you will need to do on your end. You shall be able to stop ModSecurity for any Internet site if necessary, or to switch on a detection mode, so that all activity will be recorded, but the firewall will not take any real action. You'll be able to view detailed logs from your Hepsia Control Panel including the IP where the attack originated from, what the attacker wished to do and how ModSecurity dealt with the threat. Since we take the safety of our clients' websites seriously, we use a group of commercial rules that we take from one of the leading firms that maintain this sort of rules. Our administrators also add custom rules to make certain that your Internet sites will be protected against as many threats as possible.

ModSecurity in Semi-dedicated Hosting

Any web application that you set up inside your new semi-dedicated hosting account shall be protected by ModSecurity as the firewall comes with all our hosting plans and is activated by default for any domain and subdomain that you add or create through your Hepsia hosting CP. You'll be able to manage ModSecurity via a dedicated section in Hepsia where not only could you activate or deactivate it completely, but you can also activate a passive mode, so the firewall shall not block anything, but it shall still maintain a record of possible attacks. This normally requires just a click and you shall be able to see the logs regardless if ModSecurity is in passive or active mode through the same section - what the attack was and where it came from, how it was addressed, and so forth. The firewall uses two sets of rules on our servers - a commercial one that we get from a third-party web security firm and a custom one that our admins update manually in order to respond to newly discovered risks at the earliest opportunity.

ModSecurity in VPS Web Hosting

Security is vital to us, so we set up ModSecurity on all virtual private servers which are made available with the Hepsia Control Panel as a standard. The firewall can be managed through a dedicated section in Hepsia and is turned on automatically when you include a new domain or create a subdomain, so you won't need to do anything personally. You will also be able to disable it or activate the so-called detection mode, so it'll maintain a log of potential attacks that you can later analyze, but will not prevent them. The logs in both passive and active modes include details about the type of the attack and how it was prevented, what IP address it originated from and other useful data which may help you to tighten the security of your sites by updating them or blocking IPs, for example. Besides the commercial rules that we get for ModSecurity from a third-party security company, we also use our own rules as from time to time we find specific attacks that aren't yet present inside the commercial group. This way, we can easily improve the protection of your VPS promptly as opposed to awaiting a certified update.

ModSecurity in Dedicated Servers Hosting

ModSecurity comes with all dedicated servers that are integrated with our Hepsia CP and you'll not have to do anything specific on your end to use it as it is turned on by default every time you include a new domain or subdomain on your hosting server. In case it interferes with any of your applications, you will be able to stop it via the respective section of Hepsia, or you could leave it operating in passive mode, so it will detect attacks and shall still keep a log for them, but won't prevent them. You could analyze the logs later to learn what you can do to boost the protection of your sites since you shall find information such as where an intrusion attempt came from, what website was attacked and based on what rule ModSecurity responded, etcetera. The rules which we employ are commercial, therefore they are regularly updated by a security provider, but to be on the safe side, our admins also include custom rules once in a while as to deal with any new threats they have found.