ModSecurity is a highly effective firewall for Apache web servers that is used to stop attacks toward web apps. It tracks the HTTP traffic to a given website in real time and prevents any intrusion attempts the moment it detects them. The firewall relies on a set of rules to do this - for instance, trying to log in to a script administrator area without success a few times triggers one rule, sending a request to execute a specific file that could result in gaining access to the Internet site triggers another rule, and so on. ModSecurity is among the best firewalls available and it'll secure even scripts that are not updated frequently since it can prevent attackers from using known exploits and security holes. Quite thorough info about each and every intrusion attempt is recorded and the logs the firewall keeps are considerably more comprehensive than the regular logs generated by the Apache server, so you could later examine them and determine whether you need to take additional measures so as to boost the safety of your script-driven websites.

ModSecurity in Shared Hosting

ModSecurity is provided with all shared hosting web servers, so if you opt to host your sites with our organization, they'll be protected against a wide range of attacks. The firewall is enabled by default for all domains and subdomains, so there shall be nothing you shall have to do on your end. You will be able to stop ModSecurity for any Internet site if necessary, or to activate a detection mode, so all activity will be recorded, but the firewall won't take any real action. You shall be able to view detailed logs through your Hepsia CP including the IP address where the attack came from, what the attacker wished to do and how ModSecurity dealt with the threat. Since we take the security of our customers' websites seriously, we employ a set of commercial rules that we get from one of the top companies which maintain such rules. Our administrators also add custom rules to make certain that your websites will be resistant to as many threats as possible.

ModSecurity in Semi-dedicated Servers

We have integrated ModSecurity by default inside all semi-dedicated server packages, so your web applications shall be protected the instant you set them up under any domain or subdomain. The Hepsia Control Panel that comes with the semi-dedicated accounts shall allow you to activate or disable the firewall for any Internet site with a click. You'll also be able to switch on a passive detection mode through which ModSecurity will maintain a log of potential attacks without really preventing them. The thorough logs include the nature of the attack and what ModSecurity response that attack activated, where it came from, etc. The list of rules which we use is regularly updated in order to match any new risks which may appear on the Internet and it comes with both commercial rules that we get from a security firm and custom-written ones which our administrators include if they discover a threat that is not present in the commercial list yet.

ModSecurity in VPS Servers

All VPS servers which are offered with the Hepsia CP come with ModSecurity. The firewall is set up and switched on by default for all domains which are hosted on the server, so there shall not be anything special that you'll need to do to protect your Internet sites. It shall take you a click to stop ModSecurity if necessary or to turn on its passive mode so that it records what happens without taking any steps to stop intrusions. You'll be able to look at the logs produced in active or passive mode through the corresponding section of Hepsia and discover more about the type of the attack, where it came from, what rule the firewall employed to handle it, etcetera. We employ a combination of commercial and custom rules in order to ensure that ModSecurity shall block out as many threats as possible, thus increasing the protection of your web programs as much as possible.

ModSecurity in Dedicated Servers

ModSecurity is included with all dedicated servers which are integrated with our Hepsia CP and you won't need to do anything specific on your end to employ it as it's turned on by default whenever you include a new domain or subdomain on your server. In the event that it interferes with some of your apps, you will be able to stop it via the respective area of Hepsia, or you can leave it in passive mode, so it shall identify attacks and will still maintain a log for them, but shall not prevent them. You may analyze the logs later to find out what you can do to increase the safety of your websites since you shall find information such as where an intrusion attempt originated from, what Internet site was attacked and based on what rule ModSecurity responded, and so on. The rules that we use are commercial, therefore they are regularly updated by a security provider, but to be on the safe side, our administrators also add custom rules once in a while as to respond to any new threats they have found.