ModSecurity is a powerful web application layer firewall for Apache web servers. It monitors the whole HTTP traffic to a website without affecting its performance and in case it identifies an intrusion attempt, it blocks it. The firewall furthermore keeps a more comprehensive log for the traffic than any server does, so you shall manage to keep an eye on what's going on with your Internet sites better than if you rely merely on standard logs. ModSecurity employs security rules based on which it prevents attacks. For instance, it recognizes if someone is trying to log in to the admin area of a particular script several times or if a request is sent to execute a file with a certain command. In such situations these attempts trigger the corresponding rules and the firewall program hinders the attempts immediately, then records in-depth info about them in its logs. ModSecurity is among the very best software firewalls out there and it can protect your web applications against a huge number of threats and vulnerabilities, particularly if you don’t update them or their plugins frequently.

ModSecurity in Cloud Web Hosting

ModSecurity comes standard with all cloud web hosting plans that we offer and it shall be activated automatically for any domain or subdomain that you add/create in your Hepsia hosting Control Panel. The firewall has three different modes, so you can activate and disable it with just a click or set it to detection mode, so it will keep a log of all attacks, but it'll not do anything to stop them. The log for each of your Internet sites shall feature detailed information such as the nature of the attack, where it came from, what action was taken by ModSecurity, etc. The firewall rules which we use are constantly updated and comprise of both commercial ones which we get from a third-party security firm and custom ones our system administrators add in case that they detect a new type of attacks. This way, the Internet sites that you host here shall be much more secure with no action required on your end.

ModSecurity in Semi-dedicated Servers

All semi-dedicated server plans which we offer come with ModSecurity and because the firewall is turned on by default, any Internet site which you set up under a domain or a subdomain will be protected right away. A separate section within the Hepsia CP that comes with the semi-dedicated accounts is devoted to ModSecurity and it'll enable you to start and stop the firewall for any website or enable a detection mode. With the latter, ModSecurity shall not take any action, but it'll still recognize possible attacks and will keep all info within a log as if it were completely active. The logs can be found inside the very same section of the Control Panel and they include info about the IP where an attack originated from, what its nature was, what rule ModSecurity applies to detect and stop it, and so on. The security rules we use on our machines are a mix of commercial ones from a security company and custom ones created by our system administrators. Consequently, we offer greater security for your web programs as we can defend them from attacks before security firms release updates for completely new threats.

ModSecurity in VPS Servers

ModSecurity is pre-installed on all VPS servers that are provided with the Hepsia hosting CP, so your web programs will be secured from the instant your server is in a position. The firewall is activated by default for any domain or subdomain on the Virtual Private Server, but if required, you'll be able to disable it with a mouse click from the corresponding section of Hepsia. You could also set it to work in detection mode, so it shall maintain a comprehensive log of any potential attacks without taking any action to stop them. The logs can be found within the very same section and offer info about the nature of the attack, what IP it came from and what ModSecurity rule was initiated to stop it. For best security, we use not only commercial rules from a firm working in the field of web security, but also custom ones that our administrators include personally so as to respond to new risks that are still not dealt with in the commercial rules.

ModSecurity in Dedicated Servers

All of our dedicated servers that are set up with the Hepsia hosting CP feature ModSecurity, so any application that you upload or set up shall be protected from the very beginning and you'll not have to concern yourself with common attacks or vulnerabilities. An individual section within Hepsia will permit you to start or stop the firewall for each domain or subdomain, or turn on a detection mode so that it records details about intrusions, but doesn't take actions to prevent them. What you'll see in the logs can enable you to to secure your Internet sites better - the IP address an attack came from, what site was attacked as well as how, what ModSecurity rule was triggered, etcetera. With this data, you can see if a site needs an update, whether you should block IPs from accessing your server, etcetera. Besides the third-party commercial security rules for ModSecurity we use, our admins add custom ones as well every time they come across a new threat that is not yet in the commercial bundle.