ModSecurity is a highly effective firewall for Apache web servers which is employed to stop attacks towards web apps. It monitors the HTTP traffic to a certain website in real time and stops any intrusion attempts as soon as it detects them. The firewall uses a set of rules to do that - for example, attempting to log in to a script admin area unsuccessfully several times activates one rule, sending a request to execute a certain file which could result in getting access to the website triggers another rule, and so forth. ModSecurity is amongst the best firewalls available and it will preserve even scripts which aren't updated on a regular basis as it can prevent attackers from employing known exploits and security holes. Very detailed data about every intrusion attempt is recorded and the logs the firewall keeps are much more specific than the standard logs created by the Apache server, so you could later examine them and decide whether you need to take extra measures so as to increase the protection of your script-driven websites.

ModSecurity in Web Hosting

ModSecurity comes by default with all web hosting plans that we offer and it will be switched on automatically for any domain or subdomain that you add/create in your Hepsia hosting CP. The firewall has three different modes, so you can switch on and deactivate it with a mouse click or set it to detection mode, so it'll keep a log of all attacks, but it'll not do anything to prevent them. The log for each of your Internet sites will feature detailed information including the nature of the attack, where it came from, what action was taken by ModSecurity, and so forth. The firewall rules that we use are constantly updated and comprise of both commercial ones that we get from a third-party security firm and custom ones that our system administrators include in the event that they detect a new sort of attacks. This way, the sites that you host here will be much more secure without any action needed on your end.

ModSecurity in Semi-dedicated Hosting

Any web application you set up inside your new semi-dedicated hosting account shall be protected by ModSecurity as the firewall comes with all our hosting solutions and is activated by default for any domain and subdomain which you add or create through your Hepsia hosting Control Panel. You shall be able to manage ModSecurity via a dedicated area inside Hepsia where not only can you activate or deactivate it entirely, but you could also enable a passive mode, so the firewall will not stop anything, but it will still maintain an archive of possible attacks. This takes only a click and you will be able to look at the logs no matter if ModSecurity is in passive or active mode through the same section - what the attack was and where it originated from, how it was dealt with, etcetera. The firewall uses 2 groups of rules on our machines - a commercial one that we get from a third-party web security firm and a custom one that our admins update personally as to respond to newly discovered risks as fast as possible.

ModSecurity in VPS

Protection is very important to us, so we install ModSecurity on all virtual private servers that are set up with the Hepsia Control Panel as a standard. The firewall could be managed through a dedicated section within Hepsia and is turned on automatically when you include a new domain or generate a subdomain, so you'll not need to do anything by hand. You will also be able to deactivate it or activate the so-called detection mode, so it'll maintain a log of potential attacks you can later examine, but will not block them. The logs in both passive and active modes contain information regarding the type of the attack and how it was stopped, what IP address it originated from and other important info that could help you to tighten the security of your sites by updating them or blocking IPs, as an example. Beyond the commercial rules we get for ModSecurity from a third-party security company, we also use our own rules as from time to time we identify specific attacks that are not yet present inside the commercial pack. This way, we can easily enhance the protection of your VPS instantly instead of awaiting a certified update.

ModSecurity in Dedicated Hosting

If you choose to host your sites on a dedicated server with the Hepsia CP, your web applications will be secured straight away as ModSecurity is supplied with all Hepsia-based plans. You shall be able to control the firewall effortlessly and if necessary, you'll be able to turn it off or activate its passive mode when it will only maintain a log of what's occurring without taking any action to stop possible attacks. The logs which you'll find within the exact same section of the Control Panel are quite detailed and contain details about the attacker IP address, what site and file were attacked and in what ways, what rule the firewall used to prevent the intrusion, and so on. This data will allow you to take measures and boost the security of your Internet sites even more. To be on the safe side, we use not just commercial rules, but also custom-made ones which our staff add whenever they identify attacks that have not yet been included in the commercial pack.