ModSecurity is a powerful web application layer firewall for Apache web servers. It monitors the entire HTTP traffic to a site without affecting its overall performance and in case it discovers an intrusion attempt, it prevents it. The firewall additionally keeps a more detailed log for the traffic than any web server does, so you shall be able to monitor what's happening with your sites a lot better than if you rely simply on standard logs. ModSecurity employs security rules based on which it helps prevent attacks. For example, it detects whether somebody is trying to log in to the administration area of a certain script a number of times or if a request is sent to execute a file with a particular command. In such cases these attempts trigger the corresponding rules and the software blocks the attempts in real time, after that records detailed info about them within its logs. ModSecurity is one of the most effective software firewalls out there and it can easily protect your web applications against many threats and vulnerabilities, especially if you don’t update them or their plugins regularly.

ModSecurity in Shared Website Hosting

We offer ModSecurity with all shared website hosting plans, so your web applications will be protected against harmful attacks. The firewall is turned on by default for all domains and subdomains, but in case you would like, you shall be able to stop it through the respective area of your Hepsia Control Panel. You'll be able to also switch on a detection mode, so ModSecurity will keep a log as intended, but shall not take any action. The logs which you shall find in Hepsia are very detailed and include information about the nature of any attack, when it transpired and from what IP address, the firewall rule which was triggered, and so on. We use a group of commercial rules which are often updated, but sometimes our admins include custom rules as well so as to efficiently protect the websites hosted on our servers.

ModSecurity in Semi-dedicated Hosting

We've incorporated ModSecurity by default inside all semi-dedicated hosting products, so your web applications will be protected whenever you set them up under any domain or subdomain. The Hepsia Control Panel that is included with the semi-dedicated accounts shall allow you to activate or turn off the firewall for any Internet site with a click. You will also have the ability to activate a passive detection mode through which ModSecurity will keep a log of possible attacks without actually stopping them. The detailed logs contain the nature of the attack and what ModSecurity response that attack generated, where it originated from, etcetera. The list of rules that we use is frequently updated as to match any new threats which might appear on the Internet and it features both commercial rules that we get from a security firm and custom-written ones which our administrators include if they find a threat which is not present within the commercial list yet.

ModSecurity in VPS Web Hosting

ModSecurity comes with all Hepsia-based virtual private servers we offer and it will be turned on automatically for any new domain or subdomain that you add on the server. That way, any web application you install will be secured right away without doing anything manually on your end. The firewall could be handled from the section of the CP which has the same name. This is the area whereyou'll be able to disable ModSecurity or enable its passive mode, so it won't take any action toward threats, but will still keep a detailed log. The recorded information is available in the same section as well and you will be able to see what IPs any attacks came from so that you block them, what the nature of the attempted attacks was and based on what security rules ModSecurity reacted. The rules which we use on our servers are a combination between commercial ones which we obtain from a security organization and custom ones which are added by our administrators to maximize the protection of any web applications hosted on our end.

ModSecurity in Dedicated Servers Hosting

ModSecurity comes with all dedicated servers that are integrated with our Hepsia CP and you will not have to do anything specific on your end to employ it as it's enabled by default each time you include a new domain or subdomain on your hosting server. In the event that it disrupts any of your apps, you shall be able to stop it through the respective area of Hepsia, or you could leave it operating in passive mode, so it shall identify attacks and shall still maintain a log for them, but will not prevent them. You'll be able to examine the logs later to determine what you can do to enhance the protection of your websites as you will find details such as where an intrusion attempt originated from, what Internet site was attacked and in accordance with what rule ModSecurity responded, etcetera. The rules we use are commercial, hence they are regularly updated by a security company, but to be on the safe side, our admins also include custom rules occasionally in order to deal with any new threats they have discovered.