ModSecurity is a potent web application layer firewall for Apache web servers. It monitors the whole HTTP traffic to a website without affecting its performance and if it identifies an intrusion attempt, it blocks it. The firewall also maintains a more detailed log for the site visitors than any server does, so you will be able to keep an eye on what is going on with your websites better than if you rely only on standard logs. ModSecurity employs security rules based on which it stops attacks. For example, it identifies if anyone is trying to log in to the admin area of a certain script a number of times or if a request is sent to execute a file with a specific command. In these cases these attempts trigger the corresponding rules and the firewall program blocks the attempts immediately, and then records detailed info about them inside its logs. ModSecurity is one of the best software firewalls out there and it can easily protect your web apps against a huge number of threats and vulnerabilities, especially if you don’t update them or their plugins frequently.

ModSecurity in Cloud Web Hosting

ModSecurity is provided with all cloud web hosting machines, so when you opt to host your sites with our organization, they will be resistant to a wide range of attacks. The firewall is turned on as standard for all domains and subdomains, so there will be nothing you'll need to do on your end. You will be able to stop ModSecurity for any Internet site if needed, or to activate a detection mode, so all activity shall be recorded, but the firewall shall not take any real action. You'll be able to view specific logs through your Hepsia Control Panel including the IP where the attack came from, what the attacker wanted to do and how ModSecurity addressed the threat. As we take the protection of our customers' websites seriously, we employ a set of commercial rules that we take from one of the best companies which maintain this sort of rules. Our admins also include custom rules to make certain that your Internet sites shall be shielded from as many threats as possible.

ModSecurity in Semi-dedicated Servers

We have incorporated ModSecurity as a standard inside all semi-dedicated server products, so your web apps shall be protected whenever you set them up under any domain or subdomain. The Hepsia CP that is included with the semi-dedicated accounts will allow you to enable or disable the firewall for any site with a mouse click. You shall also be able to switch on a passive detection mode in which ModSecurity shall keep a log of possible attacks without actually preventing them. The thorough logs include things like the nature of the attack and what ModSecurity response this attack generated, where it originated from, etcetera. The list of rules which we employ is frequently updated in order to match any new risks that may appear on the Internet and it features both commercial rules that we get from a security business and custom-written ones which our administrators include in the event that they find a threat that is not present in the commercial list yet.

ModSecurity in VPS Servers

ModSecurity is pre-installed on all VPS servers which are offered with the Hepsia hosting CP, so your web apps shall be secured from the instant your server is in a position. The firewall is turned on by default for any domain or subdomain on the VPS, but if required, you'll be able to deactivate it with a mouse click through the corresponding section of Hepsia. You may also set it to operate in detection mode, so it'll maintain a detailed log of any possible attacks without taking any action to stop them. The logs can be found inside the same section and include details about the nature of the attack, what IP it originated from and what ModSecurity rule was triggered to stop it. For maximum security, we use not simply commercial rules from a firm working in the field of web security, but also custom ones which our administrators include personally in order to respond to new risks which are still not tackled in the commercial rules.

ModSecurity in Dedicated Servers

ModSecurity is included with all dedicated servers that are integrated with our Hepsia Control Panel and you will not have to do anything specific on your end to use it because it's switched on by default every time you include a new domain or subdomain on your web server. In case it interferes with some of your applications, you shall be able to stop it via the respective area of Hepsia, or you may leave it in passive mode, so it shall identify attacks and will still maintain a log for them, but will not prevent them. You'll be able to look at the logs later to determine what you can do to enhance the protection of your websites since you shall find information such as where an intrusion attempt came from, what Internet site was attacked and in accordance with what rule ModSecurity responded, etc. The rules which we employ are commercial, hence they are frequently updated by a security company, but to be on the safe side, our admins also add custom rules from time to time in order to respond to any new threats they have found.