ModSecurity is an effective firewall for Apache web servers that is employed to stop attacks toward web applications. It keeps track of the HTTP traffic to a specific website in real time and stops any intrusion attempts as soon as it detects them. The firewall uses a set of rules to do this - for example, attempting to log in to a script administrator area unsuccessfully many times activates one rule, sending a request to execute a specific file which could result in gaining access to the website triggers a different rule, etc. ModSecurity is amongst the best firewalls available and it will preserve even scripts which are not updated regularly since it can prevent attackers from using known exploits and security holes. Quite thorough information about every single intrusion attempt is recorded and the logs the firewall maintains are considerably more detailed than the conventional logs provided by the Apache server, so you may later examine them and determine whether you need to take additional measures in order to improve the security of your script-driven websites.

ModSecurity in Cloud Hosting

ModSecurity is available on all cloud hosting servers, so when you decide to host your websites with our company, they'll be resistant to a wide array of attacks. The firewall is turned on by default for all domains and subdomains, so there shall be nothing you'll have to do on your end. You will be able to stop ModSecurity for any website if required, or to enable a detection mode, so that all activity will be recorded, but the firewall shall not take any real action. You'll be able to view comprehensive logs via your Hepsia Control Panel including the IP address where the attack came from, what the attacker planned to do and how ModSecurity dealt with the threat. Since we take the security of our clients' sites seriously, we employ a group of commercial rules that we get from one of the top companies that maintain this kind of rules. Our administrators also add custom rules to make certain that your Internet sites shall be shielded from as many threats as possible.

ModSecurity in Semi-dedicated Servers

All semi-dedicated server plans which we offer include ModSecurity and given that the firewall is enabled by default, any website that you create under a domain or a subdomain will be protected immediately. A separate section in the Hepsia CP which comes with the semi-dedicated accounts is dedicated to ModSecurity and it will enable you to stop and start the firewall for any site or enable a detection mode. With the latter, ModSecurity will not take any action, but it shall still identify possible attacks and will keep all data inside a log as if it were 100% active. The logs can be found in the same section of the Control Panel and they feature information about the IP where an attack originated from, what its nature was, what rule ModSecurity applies to detect and stop it, etc. The security rules that we use on our web servers are a mix between commercial ones from a security business and custom ones made by our system admins. Consequently, we offer greater security for your web applications as we can defend them from attacks before security firms release updates for brand new threats.

ModSecurity in VPS Servers

ModSecurity is pre-installed on all VPS servers that are provided with the Hepsia hosting CP, so your web programs shall be secured from the second your server is in a position. The firewall is switched on by default for any domain or subdomain on the VPS, but if required, you could deactivate it with a click via the corresponding section of Hepsia. You could also set it to work in detection mode, so it will maintain a detailed log of any potential attacks without taking any action to prevent them. The logs are available within the exact same section and provide details about the nature of the attack, what IP it originated from and what ModSecurity rule was triggered to stop it. For best security, we employ not just commercial rules from a business working in the field of web security, but also custom ones our admins include manually in order to react to new risks that are still not addressed in the commercial rules.

ModSecurity in Dedicated Servers

ModSecurity is provided with all dedicated servers which are set up with our Hepsia CP and you won't have to do anything specific on your end to use it as it's enabled by default each time you include a new domain or subdomain on your hosting server. In case it interferes with any of your applications, you'll be able to stop it through the respective part of Hepsia, or you can leave it in passive mode, so it'll recognize attacks and shall still maintain a log for them, but will not prevent them. You'll be able to analyze the logs later to find out what you can do to boost the safety of your websites as you will find info such as where an intrusion attempt originated from, what Internet site was attacked and based upon what rule ModSecurity reacted, etcetera. The rules we employ are commercial, hence they're constantly updated by a security company, but to be on the safe side, our staff also include custom rules occasionally as to react to any new threats they have found.