ModSecurity is a highly effective web application layer firewall for Apache web servers. It monitors the entire HTTP traffic to a site without affecting its operation and if it discovers an intrusion attempt, it blocks it. The firewall furthermore keeps a more comprehensive log for the traffic than any web server does, so you shall manage to keep track of what's happening with your Internet sites a lot better than if you rely only on standard logs. ModSecurity uses security rules based on which it stops attacks. For instance, it recognizes whether anyone is attempting to log in to the administrator area of a particular script multiple times or if a request is sent to execute a file with a certain command. In these circumstances these attempts trigger the corresponding rules and the firewall program blocks the attempts in real time, and then records detailed details about them within its logs. ModSecurity is amongst the most effective software firewalls on the market and it can protect your web applications against thousands of threats and vulnerabilities, especially if you don’t update them or their plugins often.

ModSecurity in Shared Web Hosting

ModSecurity is offered with each and every shared web hosting solution that we offer and it's turned on by default for every domain or subdomain that you include via your Hepsia CP. If it interferes with any of your programs or you'd like to disable it for whatever reason, you shall be able to do this through the ModSecurity section of Hepsia with simply a mouse click. You can also use a passive mode, so the firewall will recognize potential attacks and maintain a log, but shall not take any action. You can see extensive logs in the exact same section, including the IP address where the attack came from, exactly what the attacker tried to do and at what time, what ModSecurity did, and so forth. For max protection of our customers we use a group of commercial firewall rules combined with custom ones that are added by our system administrators.

ModSecurity in Semi-dedicated Servers

All semi-dedicated server plans that we offer include ModSecurity and given that the firewall is switched on by default, any website that you build under a domain or a subdomain shall be secured right from the start. An individual section within the Hepsia CP which comes with the semi-dedicated accounts is dedicated to ModSecurity and it shall permit you to start and stop the firewall for any site or activate a detection mode. With the last option, ModSecurity will not take any action, but it will still recognize possible attacks and shall keep all data in a log as if it were fully active. The logs could be found in the exact same section of the CP and they include information regarding the IP where an attack came from, what its nature was, what rule ModSecurity applies to identify and stop it, etcetera. The security rules we employ on our web servers are a mix between commercial ones from a security firm and custom ones made by our system administrators. Consequently, we offer increased security for your web apps as we can defend them from attacks even before security companies release updates for new threats.

ModSecurity in Dedicated Servers

ModSecurity is included with all dedicated servers that are integrated with our Hepsia CP and you won't have to do anything specific on your end to employ it because it is turned on by default each time you include a new domain or subdomain on your hosting server. If it disrupts some of your apps, you shall be able to stop it through the respective part of Hepsia, or you may leave it working in passive mode, so it'll detect attacks and will still keep a log for them, but will not stop them. You may look at the logs later to find out what you can do to boost the security of your Internet sites as you shall find information such as where an intrusion attempt originated from, what website was attacked and based on what rule ModSecurity reacted, etcetera. The rules we employ are commercial, therefore they are frequently updated by a security provider, but to be on the safe side, our staff also add custom rules occasionally in order to respond to any new threats they have discovered.