ModSecurity is a highly effective web application layer firewall for Apache web servers. It monitors the whole HTTP traffic to a website without affecting its operation and if it identifies an intrusion attempt, it prevents it. The firewall also maintains a more thorough log for the website visitors than any server does, so you will manage to monitor what's going on with your Internet sites much better than if you rely only on standard logs. ModSecurity works with security rules based on which it stops attacks. For instance, it detects whether somebody is trying to log in to the administration area of a certain script several times or if a request is sent to execute a file with a specific command. In these cases these attempts set off the corresponding rules and the firewall program blocks the attempts instantly, after that records detailed info about them in its logs. ModSecurity is amongst the most effective software firewalls out there and it could easily protect your web applications against thousands of threats and vulnerabilities, especially if you don’t update them or their plugins regularly.
ModSecurity in Hosting
We offer ModSecurity with all hosting solutions, so your web apps will be resistant to harmful attacks. The firewall is switched on as standard for all domains and subdomains, but if you'd like, you will be able to stop it via the respective section of your Hepsia Control Panel. You'll be able to also activate a detection mode, so ModSecurity will keep a log as intended, but shall not take any action. The logs which you shall find within Hepsia are extremely detailed and include data about the nature of any attack, when it transpired and from what IP, the firewall rule which was triggered, and so on. We employ a group of commercial rules that are constantly updated, but sometimes our administrators add custom rules as well in order to better protect the websites hosted on our machines.
ModSecurity in Semi-dedicated Servers
All semi-dedicated server packages which we offer include ModSecurity and since the firewall is switched on by default, any site which you set up under a domain or a subdomain shall be secured straight away. A separate section inside the Hepsia CP that comes with the semi-dedicated accounts is dedicated to ModSecurity and it shall allow you to start and stop the firewall for any website or activate a detection mode. With the last mentioned, ModSecurity will not take any action, but it will still identify possible attacks and will keep all info inside a log as if it were 100% active. The logs could be found inside the exact same section of the Control Panel and they include details about the IP where an attack originated from, what its nature was, what rule ModSecurity applies to detect and stop it, and so forth. The security rules we employ on our servers are a mix between commercial ones from a security company and custom ones made by our system administrators. As a result, we provide increased security for your web applications as we can shield them from attacks before security corporations release updates for completely new threats.
ModSecurity in VPS Servers
ModSecurity is pre-installed on all VPS servers that are set up with the Hepsia hosting Control Panel, so your web programs shall be secured from the instant your server is in a position. The firewall is switched on by default for any domain or subdomain on the Virtual Private Server, but if required, you could disable it with a click of your mouse via the corresponding section of Hepsia. You may also set it to operate in detection mode, so it will keep a comprehensive log of any possible attacks without taking any action to prevent them. The logs can be found within the very same section and offer information regarding the nature of the attack, what IP it originated from and what ModSecurity rule was activated to stop it. For best security, we employ not only commercial rules from a company working in the field of web security, but also custom ones that our admins add personally in order to react to new risks which are still not addressed in the commercial rules.
ModSecurity in Dedicated Servers
All of our dedicated servers which are set up with the Hepsia hosting CP include ModSecurity, so any application which you upload or set up shall be protected from the very beginning and you will not have to worry about common attacks or vulnerabilities. An independent section in Hepsia will enable you to start or stop the firewall for any domain or subdomain, or turn on a detection mode so that it records info about intrusions, but does not take actions to prevent them. What you shall see in the logs can easily help you to secure your sites better - the IP an attack originated from, what site was attacked as well as how, what ModSecurity rule was triggered, and so on. With this data, you can see if a website needs an update, if you need to block IPs from accessing your hosting server, and so forth. On top of the third-party commercial security rules for ModSecurity we use, our administrators include custom ones as well every time they come across a new threat that's not yet included in the commercial bundle.