ModSecurity is an effective firewall for Apache web servers that's used to stop attacks towards web applications. It tracks the HTTP traffic to a particular site in real time and prevents any intrusion attempts the moment it discovers them. The firewall relies on a set of rules to do this - for instance, trying to log in to a script admin area without success several times triggers one rule, sending a request to execute a particular file which could result in accessing the site triggers a different rule, and so forth. ModSecurity is amongst the best firewalls available and it'll preserve even scripts that aren't updated regularly as it can prevent attackers from employing known exploits and security holes. Quite detailed information about each intrusion attempt is recorded and the logs the firewall keeps are much more comprehensive than the conventional logs provided by the Apache server, so you can later take a look at them and determine if you need to take additional measures so as to enhance the security of your script-driven Internet sites.

ModSecurity in Cloud Hosting

ModSecurity comes standard with all cloud hosting plans that we offer and it will be activated automatically for any domain or subdomain that you add/create within your Hepsia hosting Control Panel. The firewall has 3 different modes, so you could switch on and disable it with only a mouse click or set it to detection mode, so it will maintain a log of all attacks, but it will not do anything to prevent them. The log for each of your Internet sites shall feature detailed information which includes the nature of the attack, where it originated from, what action was taken by ModSecurity, etc. The firewall rules we use are regularly updated and comprise of both commercial ones we get from a third-party security company and custom ones which our system admins include in the event that they detect a new type of attacks. This way, the sites that you host here shall be far more protected without any action required on your end.

ModSecurity in Semi-dedicated Hosting

We have incorporated ModSecurity by default inside all semi-dedicated hosting plans, so your web apps shall be protected whenever you install them under any domain or subdomain. The Hepsia Control Panel that is included with the semi-dedicated accounts will allow you to enable or turn off the firewall for any Internet site with a mouse click. You'll also have the ability to turn on a passive detection mode with which ModSecurity will maintain a log of potential attacks without actually stopping them. The detailed logs include things like the nature of the attack and what ModSecurity response this attack triggered, where it originated from, and so forth. The list of rules that we employ is constantly updated as to match any new risks that may appear on the Internet and it features both commercial rules that we get from a security firm and custom-written ones which our admins add in the event that they discover a threat that's not present in the commercial list yet.

ModSecurity in VPS Hosting

Safety is very important to us, so we install ModSecurity on all virtual private servers that are provided with the Hepsia CP by default. The firewall could be managed via a dedicated section within Hepsia and is activated automatically when you include a new domain or create a subdomain, so you will not need to do anything personally. You will also be able to disable it or turn on the so-called detection mode, so it will keep a log of potential attacks that you can later examine, but will not stop them. The logs in both passive and active modes offer information regarding the kind of the attack and how it was prevented, what IP it originated from and other useful information that might help you to tighten the security of your websites by updating them or blocking IPs, for instance. Besides the commercial rules which we get for ModSecurity from a third-party security firm, we also use our own rules because every now and then we detect specific attacks which are not yet present within the commercial pack. This way, we could boost the security of your Virtual private server instantly rather than awaiting a certified update.

ModSecurity in Dedicated Web Hosting

ModSecurity is available as standard with all dedicated servers that are set up with the Hepsia CP and is set to “Active” automatically for any domain that you host or subdomain which you create on the server. In the event that a web app doesn't function adequately, you could either switch off the firewall or set it to function in passive mode. The latter means that ModSecurity shall keep a log of any potential attack which could take place, but won't take any action to stop it. The logs created in active or passive mode will give you additional details about the exact file which was attacked, the nature of the attack and the IP address it came from, etc. This information will enable you to decide what measures you can take to improve the safety of your Internet sites, including blocking IPs or carrying out script and plugin updates. The ModSecurity rules which we use are updated regularly with a commercial pack from a third-party security firm we work with, but oftentimes our staff include their own rules too when they identify a new potential threat.