ModSecurity is a powerful web application layer firewall for Apache web servers. It monitors the entire HTTP traffic to a site without affecting its operation and in case it detects an intrusion attempt, it prevents it. The firewall also maintains a more comprehensive log for the site visitors than any web server does, so you will be able to keep an eye on what is going on with your websites better than if you rely simply on standard logs. ModSecurity uses security rules based on which it prevents attacks. For example, it recognizes whether anyone is trying to log in to the administrator area of a particular script a number of times or if a request is sent to execute a file with a specific command. In these situations these attempts trigger the corresponding rules and the firewall hinders the attempts immediately, and then records comprehensive information about them inside its logs. ModSecurity is among the best software firewalls available and it could easily protect your web apps against a huge number of threats and vulnerabilities, especially in case you don’t update them or their plugins regularly.

ModSecurity in Shared Hosting

We provide ModSecurity with all shared hosting solutions, so your Internet apps will be resistant to harmful attacks. The firewall is switched on as standard for all domains and subdomains, but if you'd like, you'll be able to stop it through the respective area of your Hepsia Control Panel. You can also switch on a detection mode, so ModSecurity shall keep a log as intended, but shall not take any action. The logs that you'll discover inside Hepsia are extremely detailed and offer information about the nature of any attack, when it happened and from what IP address, the firewall rule that was triggered, etcetera. We use a range of commercial rules which are regularly updated, but sometimes our admins include custom rules as well in order to efficiently protect the Internet sites hosted on our machines.

ModSecurity in Semi-dedicated Hosting

We have included ModSecurity as a standard within all semi-dedicated hosting products, so your web applications shall be protected whenever you set them up under any domain or subdomain. The Hepsia Control Panel which is included with the semi-dedicated accounts will allow you to enable or disable the firewall for any website with a click. You shall also have the ability to activate a passive detection mode with which ModSecurity shall maintain a log of possible attacks without really preventing them. The detailed logs contain the nature of the attack and what ModSecurity response that attack triggered, where it came from, and so forth. The list of rules that we employ is frequently updated in order to match any new risks which could appear on the Internet and it consists of both commercial rules that we get from a security firm and custom-written ones that our admins include if they discover a threat that's not present within the commercial list yet.

ModSecurity in VPS

All virtual private servers that are set up with the Hepsia Control Panel feature ModSecurity. The firewall is installed and activated by default for all domains that are hosted on the server, so there won't be anything special that you shall have to do to protect your Internet sites. It will take you simply a click to stop ModSecurity if required or to turn on its passive mode so that it records what happens without taking any measures to prevent intrusions. You shall be able to look at the logs produced in passive or active mode via the corresponding section of Hepsia and learn more about the type of the attack, where it came from, what rule the firewall used to handle it, and so on. We use a mix of commercial and custom rules so as to make sure that ModSecurity will block out as many threats as possible, thus improving the security of your web applications as much as possible.

ModSecurity in Dedicated Hosting

When you choose to host your sites on a dedicated server with the Hepsia Control Panel, your web programs will be protected right from the start as ModSecurity is available with all Hepsia-based packages. You shall be able to manage the firewall with ease and if required, you shall be able to turn it off or activate its passive mode when it shall only maintain a log of what is going on without taking any action to prevent potential attacks. The logs which you'll find inside the exact same section of the CP are extremely detailed and feature info about the attacker IP address, what website and file were attacked and in what way, what rule the firewall used to stop the intrusion, and so forth. This info will enable you to take measures and improve the security of your Internet sites even more. To be on the safe side, we use not just commercial rules, but also custom-made ones which our administrators add every time they detect attacks which haven't yet been included in the commercial pack.