ModSecurity is a powerful web app layer firewall for Apache web servers. It monitors the whole HTTP traffic to a site without affecting its functionality and if it detects an intrusion attempt, it blocks it. The firewall also keeps a more thorough log for the site visitors than any server does, so you will manage to keep track of what's going on with your Internet sites a lot better than if you rely merely on standard logs. ModSecurity uses security rules based on which it prevents attacks. For instance, it identifies whether somebody is trying to log in to the administrator area of a specific script several times or if a request is sent to execute a file with a certain command. In these situations these attempts set off the corresponding rules and the firewall software blocks the attempts instantly, and then records detailed information about them inside its logs. ModSecurity is among the most effective software firewalls out there and it can protect your web apps against many threats and vulnerabilities, especially in case you don’t update them or their plugins often.

ModSecurity in Shared Website Hosting

ModSecurity can be found with every shared website hosting solution that we offer and it's turned on by default for any domain or subdomain which you include through your Hepsia Control Panel. If it disrupts any of your apps or you'd like to disable it for any reason, you shall be able to do that through the ModSecurity area of Hepsia with simply a click. You may also use a passive mode, so the firewall will detect possible attacks and maintain a log, but won't take any action. You can view comprehensive logs in the exact same section, including the IP address where the attack came from, what exactly the attacker tried to do and at what time, what ModSecurity did, and so forth. For maximum safety of our customers we use a group of commercial firewall rules blended with custom ones which are included by our system admins.

ModSecurity in Semi-dedicated Servers

ModSecurity is part of our semi-dedicated server solutions and if you choose to host your sites with us, there shall not be anything special you'll have to do given that the firewall is turned on by default for all domains and subdomains which you include using your hosting Control Panel. If required, you can disable ModSecurity for a certain website or activate the so-called detection mode in which case the firewall shall still function and record info, but will not do anything to stop potential attacks on your Internet sites. Thorough logs will be accessible within your CP and you will be able to see which kind of attacks occurred, what security rules were triggered and how the firewall addressed the threats, what IP addresses the attacks came from, and so forth. We use 2 types of rules on our servers - commercial ones from an organization that operates in the field of web security, and custom ones which our admins often add to respond to newly identified threats in a timely manner.

ModSecurity in VPS Servers

ModSecurity is provided with all Hepsia-based VPS servers which we offer and it will be activated automatically for any new domain or subdomain that you add on the web server. That way, any web application that you install will be protected right from the start without doing anything personally on your end. The firewall could be managed from the section of the CP that has the same name. This is the area whereyou could disable ModSecurity or activate its passive mode, so it won't take any action toward threats, but shall still maintain a comprehensive log. The recorded information is available within the same area as well and you shall be able to see what IPs any attacks came from to enable you to stop them, what the nature of the attempted attacks was and based on what security rules ModSecurity responded. The rules that we use on our servers are a blend between commercial ones that we get from a security organization and custom ones that are included by our admins to improve the security of any web applications hosted on our end.

ModSecurity in Dedicated Servers

If you choose to host your sites on a dedicated server with the Hepsia CP, your web applications will be secured right away because ModSecurity is provided with all Hepsia-based packages. You shall be able to regulate the firewall without difficulty and if needed, you will be able to turn it off or activate its passive mode when it'll only maintain a log of what is going on without taking any action to stop possible attacks. The logs that you'll find in the same section of the CP are extremely detailed and feature info about the attacker IP, what site and file were attacked and in what ways, what rule the firewall used to stop the intrusion, and so forth. This data shall permit you to take measures and increase the security of your sites even more. To be on the safe side, we employ not only commercial rules, but also custom-made ones which our admins add when they detect attacks that have not yet been included within the commercial pack.