ModSecurity is a powerful web application layer firewall for Apache web servers. It monitors the entire HTTP traffic to a site without affecting its performance and in case it discovers an intrusion attempt, it blocks it. The firewall additionally maintains a more detailed log for the traffic than any web server does, so you'll be able to keep an eye on what is happening with your Internet sites much better than if you rely simply on standard logs. ModSecurity works with security rules based on which it helps prevent attacks. For instance, it recognizes whether somebody is attempting to log in to the administrator area of a particular script a number of times or if a request is sent to execute a file with a certain command. In these circumstances these attempts trigger the corresponding rules and the firewall software blocks the attempts right away, then records detailed information about them within its logs. ModSecurity is among the best software firewalls out there and it could easily protect your web applications against thousands of threats and vulnerabilities, particularly if you don’t update them or their plugins regularly.

ModSecurity in Shared Website Hosting

ModSecurity is provided with all shared website hosting web servers, so when you opt to host your websites with our business, they'll be shielded from an array of attacks. The firewall is turned on by default for all domains and subdomains, so there'll be nothing you shall need to do on your end. You shall be able to stop ModSecurity for any Internet site if required, or to activate a detection mode, so that all activity will be recorded, but the firewall shall not take any real action. You will be able to view detailed logs from your Hepsia CP including the IP where the attack came from, what the attacker wished to do and how ModSecurity addressed the threat. As we take the protection of our customers' sites very seriously, we use a selection of commercial rules which we take from one of the best companies which maintain this kind of rules. Our admins also include custom rules to ensure that your sites shall be resistant to as many threats as possible.

ModSecurity in Semi-dedicated Hosting

We have incorporated ModSecurity as a standard in all semi-dedicated hosting products, so your web apps will be protected the instant you install them under any domain or subdomain. The Hepsia CP which is included with the semi-dedicated accounts shall permit you to activate or disable the firewall for any website with a mouse click. You'll also be able to switch on a passive detection mode in which ModSecurity shall maintain a log of potential attacks without actually stopping them. The detailed logs contain the nature of the attack and what ModSecurity response that attack generated, where it came from, etcetera. The list of rules which we use is frequently updated as to match any new risks that may appear on the Internet and it consists of both commercial rules that we get from a security business and custom-written ones which our admins add in case they find a threat which is not present within the commercial list yet.

ModSecurity in VPS Hosting

All virtual private servers that are offered with the Hepsia Control Panel come with ModSecurity. The firewall is installed and switched on by default for all domains which are hosted on the machine, so there won't be anything special which you'll have to do to protect your Internet sites. It shall take you a mouse click to stop ModSecurity if needed or to turn on its passive mode so that it records what goes on without taking any actions to prevent intrusions. You shall be able to look at the logs produced in active or passive mode through the corresponding section of Hepsia and learn more about the form of the attack, where it came from, what rule the firewall used to tackle it, and so forth. We employ a mix of commercial and custom rules so as to ensure that ModSecurity will stop as many threats as possible, consequently enhancing the protection of your web apps as much as possible.

ModSecurity in Dedicated Web Hosting

ModSecurity is offered as standard with all dedicated servers that are set up with the Hepsia CP and is set to “Active” automatically for any domain you host or subdomain you create on the server. In case that a web app doesn't work properly, you may either disable the firewall or set it to work in passive mode. The latter means that ModSecurity will keep a log of any potential attack that may take place, but shall not take any action to prevent it. The logs created in passive or active mode shall offer you more details about the exact file which was attacked, the type of the attack and the IP it came from, and so on. This information shall permit you to decide what steps you can take to improve the protection of your sites, including blocking IPs or carrying out script and plugin updates. The ModSecurity rules which we employ are updated constantly with a commercial pack from a third-party security provider we work with, but from time to time our staff add their own rules also in the event that they find a new potential threat.