ModSecurity is a highly effective web application layer firewall for Apache web servers. It monitors the entire HTTP traffic to an Internet site without affecting its operation and when it identifies an intrusion attempt, it prevents it. The firewall additionally maintains a more thorough log for the site visitors than any server does, so you will be able to keep an eye on what is happening with your websites much better than if you rely merely on standard logs. ModSecurity works with security rules based on which it prevents attacks. For instance, it detects if somebody is trying to log in to the administrator area of a particular script several times or if a request is sent to execute a file with a certain command. In such cases these attempts trigger the corresponding rules and the firewall software blocks the attempts immediately, after that records in-depth details about them inside its logs. ModSecurity is one of the most effective software firewalls out there and it can protect your web apps against a huge number of threats and vulnerabilities, particularly if you don’t update them or their plugins often.
ModSecurity in Shared Website Hosting
We offer ModSecurity with all shared website hosting packages, so your web apps will be shielded from destructive attacks. The firewall is turned on as standard for all domains and subdomains, but if you'd like, you will be able to stop it through the respective area of your Hepsia Control Panel. You could also switch on a detection mode, so ModSecurity will keep a log as intended, but won't take any action. The logs which you will find in Hepsia are incredibly detailed and feature data about the nature of any attack, when it transpired and from what IP address, the firewall rule which was triggered, and so on. We employ a set of commercial rules which are constantly updated, but sometimes our administrators include custom rules as well so as to efficiently protect the sites hosted on our servers.
ModSecurity in Semi-dedicated Hosting
Any web application which you install within your new semi-dedicated hosting account will be protected by ModSecurity because the firewall is provided with all our hosting packages and is switched on by default for any domain and subdomain you add or create through your Hepsia hosting Control Panel. You shall be able to manage ModSecurity through a dedicated section within Hepsia where not only can you activate or deactivate it completely, but you can also activate a passive mode, so the firewall shall not stop anything, but it'll still maintain a record of possible attacks. This normally requires just a mouse click and you shall be able to see the logs no matter if ModSecurity is in active or passive mode through the same section - what the attack was and where it originated from, how it was addressed, etcetera. The firewall employs two groups of rules on our web servers - a commercial one that we get from a third-party web security company and a custom one that our admins update manually as to respond to recently discovered risks immediately.
ModSecurity in VPS
All virtual private servers which are set up with the Hepsia CP come with ModSecurity. The firewall is installed and turned on by default for all domains that are hosted on the server, so there shall not be anything special which you shall have to do to protect your websites. It shall take you only a mouse click to stop ModSecurity if necessary or to activate its passive mode so that it records what goes on without taking any steps to stop intrusions. You shall be able to look at the logs produced in active or passive mode via the corresponding section of Hepsia and learn more about the type of the attack, where it came from, what rule the firewall employed to deal with it, and so on. We use a mixture of commercial and custom rules so as to ensure that ModSecurity will block as many threats as possible, hence boosting the security of your web applications as much as possible.
ModSecurity in Dedicated Hosting
All our dedicated servers that are installed with the Hepsia hosting Control Panel include ModSecurity, so any app that you upload or set up shall be protected from the very beginning and you'll not have to stress about common attacks or vulnerabilities. An individual section in Hepsia will enable you to start or stop the firewall for any domain or subdomain, or switch on a detection mode so that it records info about intrusions, but does not take actions to stop them. What you shall find in the logs can help you to secure your sites better - the IP an attack originated from, what website was attacked and in what way, what ModSecurity rule was triggered, and so forth. With this information, you can see if a site needs an update, whether you should block IPs from accessing your hosting server, and so forth. On top of the third-party commercial security rules for ModSecurity which we use, our admins include custom ones too if they discover a new threat that's not yet included in the commercial bundle.