ModSecurity is a powerful web application layer firewall for Apache web servers. It monitors the entire HTTP traffic to a website without affecting its operation and if it detects an intrusion attempt, it prevents it. The firewall furthermore maintains a more detailed log for the site visitors than any web server does, so you will manage to keep an eye on what is going on with your sites better than if you rely only on conventional logs. ModSecurity employs security rules based on which it prevents attacks. For example, it recognizes if someone is trying to log in to the admin area of a given script a number of times or if a request is sent to execute a file with a certain command. In such instances these attempts set off the corresponding rules and the firewall blocks the attempts instantly, and then records in-depth information about them within its logs. ModSecurity is among the best software firewalls on the market and it can easily protect your web apps against thousands of threats and vulnerabilities, particularly if you don’t update them or their plugins frequently.

ModSecurity in Shared Hosting

ModSecurity is available with each shared hosting plan that we provide and it is turned on by default for any domain or subdomain that you include via your Hepsia CP. In case it disrupts any of your programs or you'd like to disable it for any reason, you shall be able to do that through the ModSecurity section of Hepsia with only a mouse click. You could also enable a passive mode, so the firewall will discover possible attacks and maintain a log, but shall not take any action. You can view comprehensive logs in the exact same section, including the IP address where the attack came from, what exactly the attacker aimed to do and at what time, what ModSecurity did, and so on. For maximum safety of our clients we use a set of commercial firewall rules combined with custom ones which are included by our system admins.

ModSecurity in Semi-dedicated Hosting

All semi-dedicated hosting packages that we offer include ModSecurity and given that the firewall is switched on by default, any Internet site that you build under a domain or a subdomain will be secured right away. An individual section inside the Hepsia CP that comes with the semi-dedicated accounts is devoted to ModSecurity and it'll allow you to start and stop the firewall for any Internet site or switch on a detection mode. With the last mentioned, ModSecurity will not take any action, but it will still detect possible attacks and will keep all info inside a log as if it were completely active. The logs could be found in the same section of the Control Panel and they feature information about the IP where an attack came from, what its nature was, what rule ModSecurity applies to detect and stop it, and so on. The security rules that we use on our servers are a mix of commercial ones from a security firm and custom ones created by our system admins. Consequently, we offer greater security for your web programs as we can shield them from attacks before security companies release updates for completely new threats.

ModSecurity in VPS Web Hosting

Safety is essential to us, so we install ModSecurity on all virtual private servers which are made available with the Hepsia Control Panel by default. The firewall can be managed through a dedicated section in Hepsia and is activated automatically when you add a new domain or generate a subdomain, so you'll not need to do anything by hand. You will also be able to disable it or activate the so-called detection mode, so it'll maintain a log of potential attacks that you can later study, but shall not prevent them. The logs in both passive and active modes contain information about the kind of the attack and how it was prevented, what IP it came from and other important info which could help you to tighten the security of your Internet sites by updating them or blocking IPs, as an example. Beyond the commercial rules we get for ModSecurity from a third-party security firm, we also implement our own rules as once in a while we discover specific attacks that aren't yet present in the commercial package. This way, we can easily improve the security of your Virtual private server immediately instead of awaiting an official update.

ModSecurity in Dedicated Servers Hosting

ModSecurity is included with all dedicated servers that are set up with our Hepsia CP and you won't have to do anything specific on your end to employ it because it's turned on by default whenever you add a new domain or subdomain on your web server. In the event that it disrupts some of your applications, you shall be able to stop it via the respective section of Hepsia, or you can leave it working in passive mode, so it shall recognize attacks and will still maintain a log for them, but will not block them. You'll be able to look at the logs later to determine what you can do to boost the security of your Internet sites since you will find details such as where an intrusion attempt originated from, what Internet site was attacked and in accordance with what rule ModSecurity reacted, etcetera. The rules we use are commercial, thus they are constantly updated by a security company, but to be on the safe side, our administrators also include custom rules every now and then as to deal with any new threats they have discovered.