ModSecurity is a powerful firewall for Apache web servers which is employed to prevent attacks toward web applications. It monitors the HTTP traffic to a given site in real time and blocks any intrusion attempts the instant it discovers them. The firewall relies on a set of rules to accomplish that - as an example, trying to log in to a script admin area without success several times activates one rule, sending a request to execute a particular file which could result in gaining access to the website triggers another rule, and so forth. ModSecurity is among the best firewalls available and it will protect even scripts which are not updated frequently since it can prevent attackers from employing known exploits and security holes. Quite thorough information about every intrusion attempt is recorded and the logs the firewall maintains are considerably more comprehensive than the regular logs created by the Apache server, so you can later examine them and decide whether you need to take additional measures so as to increase the safety of your script-driven websites.

ModSecurity in Cloud Web Hosting

ModSecurity comes standard with all cloud web hosting solutions which we supply and it shall be switched on automatically for any domain or subdomain which you add/create within your Hepsia hosting Control Panel. The firewall has three different modes, so you could switch on and deactivate it with just a mouse click or set it to detection mode, so it shall maintain a log of all attacks, but it'll not do anything to stop them. The log for each of your sites will feature detailed information which includes the nature of the attack, where it came from, what action was taken by ModSecurity, etc. The firewall rules which we use are constantly updated and include both commercial ones which we get from a third-party security firm and custom ones which our system administrators add in case that they detect a new sort of attacks. In this way, the Internet sites which you host here will be far more protected with no action required on your end.

ModSecurity in Semi-dedicated Servers

Any web app that you install inside your new semi-dedicated server account will be protected by ModSecurity since the firewall comes with all our hosting plans and is activated by default for any domain and subdomain you include or create through your Hepsia hosting Control Panel. You will be able to manage ModSecurity through a dedicated area in Hepsia where not simply can you activate or deactivate it completely, but you could also switch on a passive mode, so the firewall will not block anything, but it will still keep a record of potential attacks. This takes just a click and you'll be able to see the logs regardless if ModSecurity is in active or passive mode through the same section - what the attack was and where it originated from, how it was dealt with, and so forth. The firewall uses two sets of rules on our machines - a commercial one which we get from a third-party web security firm and a custom one which our administrators update manually in order to respond to newly discovered threats as quickly as possible.

ModSecurity in VPS Servers

ModSecurity is pre-installed on all VPS servers that are provided with the Hepsia hosting CP, so your web programs will be secured from the instant your server is in a position. The firewall is turned on by default for any domain or subdomain on the VPS, but if required, you could disable it with a click of your mouse through the corresponding section of Hepsia. You could also set it to work in detection mode, so it shall maintain an extensive log of any potential attacks without taking any action to prevent them. The logs can be found inside the same section and provide info about the nature of the attack, what IP address it came from and what ModSecurity rule was activated to stop it. For maximum security, we use not simply commercial rules from a company working in the field of web security, but also custom ones which our admins include manually so as to respond to new risks that are still not addressed in the commercial rules.

ModSecurity in Dedicated Servers

All of our dedicated servers which are set up with the Hepsia hosting CP come with ModSecurity, so any app you upload or install shall be secured from the very beginning and you won't need to stress about common attacks or vulnerabilities. An individual section in Hepsia will enable you to start or stop the firewall for any domain or subdomain, or switch on a detection mode so that it records details about intrusions, but doesn't take actions to stop them. What you shall see in the logs shall help you to secure your Internet sites better - the IP an attack originated from, what website was attacked and how, what ModSecurity rule was triggered, etc. With this information, you'll be able to see if a website needs an update, if you should block IPs from accessing your server, etcetera. Aside from the third-party commercial security rules for ModSecurity that we use, our admins include custom ones as well when they come across a new threat that is not yet a part of the commercial bundle.