ModSecurity is a powerful web application layer firewall for Apache web servers. It monitors the entire HTTP traffic to a site without affecting its overall performance and when it detects an intrusion attempt, it prevents it. The firewall additionally maintains a more comprehensive log for the site visitors than any web server does, so you will manage to keep an eye on what is happening with your sites a lot better than if you rely simply on conventional logs. ModSecurity works with security rules based on which it stops attacks. For instance, it recognizes whether someone is attempting to log in to the administration area of a given script a number of times or if a request is sent to execute a file with a specific command. In such situations these attempts set off the corresponding rules and the firewall software hinders the attempts instantly, and then records in-depth information about them inside its logs. ModSecurity is among the best software firewalls available and it can easily protect your web applications against a huge number of threats and vulnerabilities, particularly in case you don’t update them or their plugins frequently.

ModSecurity in Cloud Hosting

ModSecurity is available with every cloud hosting solution that we provide and it's switched on by default for any domain or subdomain which you include through your Hepsia Control Panel. If it interferes with any of your applications or you'd like to disable it for some reason, you will be able to achieve that through the ModSecurity section of Hepsia with only a mouse click. You can also enable a passive mode, so the firewall will recognize potential attacks and maintain a log, but will not take any action. You could see detailed logs in the same section, including the IP where the attack came from, what exactly the attacker aimed to do and at what time, what ModSecurity did, and so forth. For optimum safety of our clients we use a collection of commercial firewall rules mixed with custom ones which are provided by our system administrators.

ModSecurity in Semi-dedicated Hosting

Any web application which you install within your new semi-dedicated hosting account shall be protected by ModSecurity since the firewall is included with all our hosting solutions and is activated by default for any domain and subdomain which you include or create via your Hepsia hosting Control Panel. You'll be able to manage ModSecurity through a dedicated area in Hepsia where not simply could you activate or deactivate it entirely, but you may also switch on a passive mode, so the firewall shall not stop anything, but it shall still maintain a record of potential attacks. This normally requires simply a mouse click and you will be able to view the logs no matter if ModSecurity is in passive or active mode through the same section - what the attack was and where it came from, how it was addressed, etc. The firewall uses 2 sets of rules on our web servers - a commercial one that we get from a third-party web security firm and a custom one that our administrators update manually in order to respond to newly discovered risks at the earliest opportunity.

ModSecurity in VPS Hosting

ModSecurity is pre-installed on all virtual private servers which are set up with the Hepsia hosting CP, so your web programs will be protected from the second your server is in a position. The firewall is activated by default for any domain or subdomain on the Virtual Private Server, but if needed, you could deactivate it with a mouse click via the corresponding section of Hepsia. You may also set it to function in detection mode, so it shall keep a detailed log of any potential attacks without taking any action to prevent them. The logs are available within the very same section and include details about the nature of the attack, what IP address it originated from and what ModSecurity rule was activated to stop it. For best security, we use not only commercial rules from a business operating in the field of web security, but also custom ones that our admins add manually in order to react to new threats that are still not dealt with in the commercial rules.

ModSecurity in Dedicated Web Hosting

ModSecurity comes with all dedicated servers which are set up with our Hepsia CP and you will not need to do anything specific on your end to use it because it is activated by default whenever you include a new domain or subdomain on your web server. In case it disrupts any of your apps, you will be able to stop it through the respective area of Hepsia, or you may leave it in passive mode, so it will recognize attacks and shall still keep a log for them, but shall not stop them. You could look at the logs later to determine what you can do to improve the protection of your sites since you shall find details such as where an intrusion attempt originated from, what Internet site was attacked and based on what rule ModSecurity reacted, etcetera. The rules that we use are commercial, thus they're frequently updated by a security firm, but to be on the safe side, our administrators also include custom rules from time to time as to deal with any new threats they have identified.