ModSecurity is a powerful web application layer firewall for Apache web servers. It monitors the whole HTTP traffic to a website without affecting its functionality and if it detects an intrusion attempt, it prevents it. The firewall also keeps a more detailed log for the website visitors than any web server does, so you shall be able to keep an eye on what's going on with your Internet sites much better than if you rely simply on conventional logs. ModSecurity works with security rules based on which it prevents attacks. For instance, it identifies whether someone is attempting to log in to the admin area of a given script several times or if a request is sent to execute a file with a certain command. In such instances these attempts set off the corresponding rules and the firewall hinders the attempts immediately, after that records comprehensive info about them inside its logs. ModSecurity is one of the most effective software firewalls available and it can protect your web applications against a large number of threats and vulnerabilities, particularly in case you don’t update them or their plugins regularly.
ModSecurity in Hosting
ModSecurity is provided with all hosting servers, so if you decide to host your websites with our business, they'll be protected against a wide array of attacks. The firewall is enabled as standard for all domains and subdomains, so there'll be nothing you will need to do on your end. You'll be able to stop ModSecurity for any site if required, or to activate a detection mode, so all activity shall be recorded, but the firewall shall not take any real action. You'll be able to view comprehensive logs from your Hepsia Control Panel including the IP address where the attack originated from, what the attacker wished to do and how ModSecurity addressed the threat. Since we take the security of our customers' websites seriously, we employ a set of commercial rules which we get from one of the leading companies which maintain this kind of rules. Our admins also include custom rules to make certain that your websites will be resistant to as many threats as possible.
ModSecurity in Semi-dedicated Hosting
All semi-dedicated hosting solutions which we offer come with ModSecurity and since the firewall is switched on by default, any site that you build under a domain or a subdomain will be secured right away. A separate section in the Hepsia Control Panel which comes with the semi-dedicated accounts is dedicated to ModSecurity and it shall enable you to start and stop the firewall for any site or switch on a detection mode. With the latter, ModSecurity won't take any action, but it'll still detect possible attacks and shall keep all data in a log as if it were 100% active. The logs could be found in the same section of the CP and they offer details about the IP where an attack came from, what its nature was, what rule ModSecurity applies to detect and stop it, etc. The security rules which we employ on our servers are a mix between commercial ones from a security company and custom ones made by our system administrators. As a result, we provide increased security for your web programs as we can shield them from attacks before security firms release updates for brand new threats.
ModSecurity in VPS
ModSecurity is provided with all Hepsia-based virtual private servers that we offer and it will be switched on automatically for every new domain or subdomain that you include on the hosting server. That way, any web app you install shall be protected right away without doing anything by hand on your end. The firewall may be managed via the section of the CP which has the same name. This is the location in whichyou could turn off ModSecurity or let its passive mode, so it will not take any action toward threats, but will still keep a thorough log. The recorded data is available in the same area as well and you shall be able to see what IPs any attacks originated from so that you can block them, what the nature of the attempted attacks was and in accordance with what security rules ModSecurity reacted. The rules we use on our servers are a mix between commercial ones that we obtain from a security firm and custom ones that are included by our staff to optimize the protection of any web applications hosted on our end.
ModSecurity in Dedicated Hosting
ModSecurity is included with all dedicated servers which are integrated with our Hepsia CP and you will not need to do anything specific on your end to use it as it's turned on by default every time you add a new domain or subdomain on your server. In the event that it interferes with some of your programs, you'll be able to stop it via the respective area of Hepsia, or you could leave it in passive mode, so it shall identify attacks and will still keep a log for them, but won't prevent them. You can examine the logs later to learn what you can do to enhance the safety of your websites since you shall find info such as where an intrusion attempt came from, what website was attacked and in accordance with what rule ModSecurity reacted, etcetera. The rules we use are commercial, hence they are regularly updated by a security firm, but to be on the safe side, our staff also add custom rules every now and then in order to react to any new threats they have discovered.