ModSecurity is a potent web application layer firewall for Apache web servers. It monitors the entire HTTP traffic to a website without affecting its overall performance and in case it discovers an intrusion attempt, it prevents it. The firewall furthermore maintains a more comprehensive log for the website visitors than any web server does, so you'll be able to keep an eye on what is going on with your Internet sites better than if you rely merely on conventional logs. ModSecurity works with security rules based on which it prevents attacks. For instance, it identifies if anyone is trying to log in to the administration area of a given script multiple times or if a request is sent to execute a file with a particular command. In these situations these attempts set off the corresponding rules and the firewall software blocks the attempts right away, then records in-depth information about them inside its logs. ModSecurity is among the best software firewalls out there and it can protect your web apps against thousands of threats and vulnerabilities, especially in case you don’t update them or their plugins often.

ModSecurity in Shared Website Hosting

ModSecurity comes by default with all shared website hosting packages which we supply and it'll be activated automatically for any domain or subdomain which you add/create within your Hepsia hosting Control Panel. The firewall has 3 different modes, so you could activate and deactivate it with a click or set it to detection mode, so it'll keep a log of all attacks, but it will not do anything to prevent them. The log for each of your sites shall feature comprehensive info which includes the nature of the attack, where it came from, what action was taken by ModSecurity, etcetera. The firewall rules which we use are frequently updated and comprise of both commercial ones which we get from a third-party security business and custom ones which our system admins include in case that they detect a new type of attacks. In this way, the websites that you host here will be far more secure without any action required on your end.

ModSecurity in VPS Hosting

ModSecurity comes with all Hepsia-based virtual private servers we offer and it'll be activated automatically for any new domain or subdomain that you add on the server. That way, any web application that you install shall be protected right from the start without doing anything personally on your end. The firewall could be managed via the section of the CP which has the same name. This is the area whereyou can switch off ModSecurity or activate its passive mode, so it shall not take any action towards threats, but shall still keep a comprehensive log. The recorded information is available within the same section as well and you shall be able to see what IPs any attacks came from to enable you to stop them, what the nature of the attempted attacks was and based on what security rules ModSecurity reacted. The rules that we employ on our servers are a combination between commercial ones that we obtain from a security firm and custom ones which are added by our staff to maximize the protection of any web applications hosted on our end.

ModSecurity in Dedicated Web Hosting

When you choose to host your Internet sites on a dedicated server with the Hepsia CP, your web applications shall be secured immediately because ModSecurity is available with all Hepsia-based plans. You shall be able to manage the firewall easily and if required, you shall be able to turn it off or activate its passive mode when it will only keep a log of what is occurring without taking any action to stop possible attacks. The logs which you'll find in the same section of the CP are extremely detailed and feature data about the attacker IP address, what website and file were attacked and in what way, what rule the firewall employed to prevent the intrusion, and so on. This info will allow you to take measures and enhance the security of your sites even more. To be on the safe side, we use not just commercial rules, but also custom-made ones that our admins include every time they detect attacks that haven't yet been included within the commercial pack.