ModSecurity is a powerful web application layer firewall for Apache web servers. It monitors the whole HTTP traffic to an Internet site without affecting its performance and if it discovers an intrusion attempt, it prevents it. The firewall also maintains a more comprehensive log for the traffic than any web server does, so you'll be able to keep an eye on what is happening with your websites a lot better than if you rely only on conventional logs. ModSecurity employs security rules based on which it prevents attacks. For example, it detects whether anyone is attempting to log in to the administrator area of a certain script multiple times or if a request is sent to execute a file with a particular command. In such situations these attempts trigger the corresponding rules and the firewall hinders the attempts right away, and then records detailed details about them inside its logs. ModSecurity is one of the very best software firewalls on the market and it can easily protect your web apps against thousands of threats and vulnerabilities, especially in case you don’t update them or their plugins frequently.

ModSecurity in Shared Website Hosting

ModSecurity is supplied with all shared website hosting web servers, so if you choose to host your Internet sites with our business, they will be protected against a wide range of attacks. The firewall is turned on by default for all domains and subdomains, so there will be nothing you shall have to do on your end. You shall be able to stop ModSecurity for any Internet site if necessary, or to enable a detection mode, so that all activity will be recorded, but the firewall won't take any real action. You'll be able to view comprehensive logs using your Hepsia Control Panel including the IP address where the attack came from, what the attacker wished to do and how ModSecurity dealt with the threat. As we take the security of our clients' Internet sites very seriously, we employ a collection of commercial rules that we take from one of the best firms that maintain this type of rules. Our admins also include custom rules to make sure that your sites will be protected against as many risks as possible.

ModSecurity in Semi-dedicated Hosting

We have included ModSecurity as a standard inside all semi-dedicated hosting packages, so your web applications shall be protected whenever you set them up under any domain or subdomain. The Hepsia Control Panel which is included with the semi-dedicated accounts will allow you to activate or turn off the firewall for any Internet site with a click. You will also have the ability to activate a passive detection mode through which ModSecurity shall maintain a log of potential attacks without actually preventing them. The thorough logs contain the nature of the attack and what ModSecurity response that attack initiated, where it originated from, and so on. The list of rules we use is regularly updated in order to match any new risks which could appear on the Internet and it comes with both commercial rules that we get from a security firm and custom-written ones which our administrators include in case they discover a threat that is not present inside the commercial list yet.

ModSecurity in VPS Web Hosting

All virtual private servers which are provided with the Hepsia CP feature ModSecurity. The firewall is installed and switched on by default for all domains that are hosted on the web server, so there will not be anything special that you will have to do to protect your websites. It shall take you a click to stop ModSecurity if necessary or to activate its passive mode so that it records what occurs without taking any actions to stop intrusions. You'll be able to view the logs generated in active or passive mode via the corresponding section of Hepsia and learn more about the form of the attack, where it originated from, what rule the firewall used to tackle it, etcetera. We employ a mixture of commercial and custom rules so as to ensure that ModSecurity shall prevent as many threats as possible, hence enhancing the protection of your web applications as much as possible.

ModSecurity in Dedicated Servers Hosting

ModSecurity is provided by default with all dedicated servers that are set up with the Hepsia Control Panel and is set to “Active” automatically for any domain that you host or subdomain you create on the server. In case that a web app does not function correctly, you could either turn off the firewall or set it to function in passive mode. The latter means that ModSecurity shall keep a log of any potential attack that might happen, but will not take any action to prevent it. The logs generated in active or passive mode shall provide you with additional details about the exact file that was attacked, the type of the attack and the IP it came from, and so forth. This data will enable you to decide what actions you can take to enhance the safety of your websites, for instance blocking IPs or carrying out script and plugin updates. The ModSecurity rules that we employ are updated often with a commercial bundle from a third-party security provider we work with, but occasionally our admins include their own rules also if they discover a new potential threat.