ModSecurity is a powerful web application layer firewall for Apache web servers. It monitors the entire HTTP traffic to a website without affecting its overall performance and if it discovers an intrusion attempt, it blocks it. The firewall furthermore maintains a more detailed log for the traffic than any server does, so you'll be able to keep track of what is happening with your Internet sites a lot better than if you rely merely on standard logs. ModSecurity works with security rules based on which it prevents attacks. For instance, it detects whether someone is attempting to log in to the admin area of a particular script several times or if a request is sent to execute a file with a specific command. In such situations these attempts set off the corresponding rules and the software hinders the attempts in real time, and then records in-depth info about them in its logs. ModSecurity is amongst the very best software firewalls available and it can protect your web apps against thousands of threats and vulnerabilities, particularly if you don’t update them or their plugins regularly.

ModSecurity in Shared Web Hosting

ModSecurity comes by default with all shared web hosting plans which we supply and it shall be turned on automatically for any domain or subdomain that you add/create within your Hepsia hosting Control Panel. The firewall has 3 different modes, so you'll be able to activate and disable it with just a click or set it to detection mode, so it shall keep a log of all attacks, but it shall not do anything to stop them. The log for each of your sites shall include comprehensive information including the nature of the attack, where it originated from, what action was taken by ModSecurity, and so forth. The firewall rules which we use are constantly updated and consist of both commercial ones we get from a third-party security firm and custom ones that our system admins include in the event that they detect a new sort of attacks. This way, the sites you host here shall be far more secure without any action expected on your end.

ModSecurity in Semi-dedicated Servers

Any web app you set up in your new semi-dedicated server account shall be protected by ModSecurity as the firewall is provided with all our hosting solutions and is switched on by default for any domain and subdomain that you add or create through your Hepsia hosting CP. You will be able to manage ModSecurity via a dedicated section inside Hepsia where not only could you activate or deactivate it completely, but you could also switch on a passive mode, so the firewall shall not block anything, but it will still keep a record of potential attacks. This takes only a click and you shall be able to see the logs regardless of if ModSecurity is in active or passive mode through the same section - what the attack was and where it originated from, how it was addressed, and so on. The firewall employs two sets of rules on our machines - a commercial one which we get from a third-party web security firm and a custom one that our administrators update personally as to respond to newly discovered risks as quickly as possible.

ModSecurity in Dedicated Servers

When you decide to host your websites on a dedicated server with the Hepsia CP, your web applications shall be secured right away since ModSecurity is supplied with all Hepsia-based solutions. You shall be able to regulate the firewall effortlessly and if necessary, you shall be able to turn it off or activate its passive mode when it will only keep a log of what is taking place without taking any action to prevent possible attacks. The logs that you'll find inside the exact same section of the Control Panel are extremely detailed and include data about the attacker IP, what website and file were attacked and in what way, what rule the firewall employed to stop the intrusion, and so on. This info shall allow you to take measures and boost the protection of your Internet sites even more. To be on the safe side, we use not only commercial rules, but also custom-made ones that our admins add when they recognize attacks which haven't yet been included in the commercial pack.