ModSecurity is a powerful firewall for Apache web servers that is employed to prevent attacks toward web applications. It tracks the HTTP traffic to a specific Internet site in real time and blocks any intrusion attempts the moment it detects them. The firewall relies on a set of rules to accomplish that - as an example, attempting to log in to a script admin area without success several times activates one rule, sending a request to execute a certain file which could result in gaining access to the site triggers a different rule, and so forth. ModSecurity is amongst the best firewalls out there and it will preserve even scripts which aren't updated on a regular basis as it can prevent attackers from using known exploits and security holes. Very comprehensive info about every single intrusion attempt is recorded and the logs the firewall maintains are a lot more comprehensive than the standard logs created by the Apache server, so you could later examine them and determine whether you need to take additional measures so as to boost the protection of your script-driven sites.

ModSecurity in Website Hosting

ModSecurity is available with every website hosting solution that we offer and it is activated by default for any domain or subdomain which you include via your Hepsia Control Panel. In case it interferes with any of your apps or you would like to disable it for whatever reason, you'll be able to do this through the ModSecurity section of Hepsia with simply a click. You may also enable a passive mode, so the firewall will identify possible attacks and maintain a log, but shall not take any action. You can view comprehensive logs in the same section, including the IP where the attack originated from, what precisely the attacker tried to do and at what time, what ModSecurity did, etc. For optimum safety of our customers we use a group of commercial firewall rules combined with custom ones which are added by our system administrators.

ModSecurity in Semi-dedicated Hosting

Any web program you install in your new semi-dedicated hosting account will be protected by ModSecurity since the firewall is included with all our hosting packages and is activated by default for any domain and subdomain which you include or create through your Hepsia hosting Control Panel. You'll be able to manage ModSecurity via a dedicated area in Hepsia where not only can you activate or deactivate it fully, but you can also switch on a passive mode, so the firewall shall not stop anything, but it will still maintain a record of potential attacks. This normally requires just a click and you shall be able to look at the logs no matter if ModSecurity is in passive or active mode through the same section - what the attack was and where it originated from, how it was handled, etc. The firewall employs two sets of rules on our web servers - a commercial one which we get from a third-party web security firm and a custom one which our admins update manually as to respond to recently discovered threats as fast as possible.

ModSecurity in VPS Web Hosting

All virtual private servers that are offered with the Hepsia Control Panel include ModSecurity. The firewall is installed and turned on by default for all domains which are hosted on the web server, so there won't be anything special that you'll have to do to protect your Internet sites. It shall take you a mouse click to stop ModSecurity if needed or to activate its passive mode so that it records what happens without taking any actions to stop intrusions. You will be able to view the logs created in active or passive mode from the corresponding section of Hepsia and learn more about the form of the attack, where it originated from, what rule the firewall used to tackle it, and so on. We employ a combination of commercial and custom rules in order to ensure that ModSecurity shall block as many threats as possible, therefore enhancing the protection of your web apps as much as possible.

ModSecurity in Dedicated Servers Hosting

ModSecurity is available as standard with all dedicated servers that are set up with the Hepsia Control Panel and is set to “Active” automatically for any domain that you host or subdomain which you create on the server. Just in case that a web app doesn't operate correctly, you may either turn off the firewall or set it to function in passive mode. The second means that ModSecurity shall keep a log of any potential attack which might take place, but shall not take any action to prevent it. The logs created in passive or active mode shall offer you additional details about the exact file which was attacked, the type of the attack and the IP address it originated from, etc. This info will allow you to choose what actions you can take to improve the protection of your sites, for instance blocking IPs or carrying out script and plugin updates. The ModSecurity rules we use are updated regularly with a commercial pack from a third-party security company we work with, but occasionally our admins include their own rules as well when they find a new potential threat.