ModSecurity is a potent web application layer firewall for Apache web servers. It monitors the whole HTTP traffic to a website without affecting its overall performance and in case it detects an intrusion attempt, it blocks it. The firewall also maintains a more comprehensive log for the traffic than any server does, so you'll manage to keep track of what is happening with your Internet sites better than if you rely merely on standard logs. ModSecurity uses security rules based on which it prevents attacks. For example, it recognizes whether someone is attempting to log in to the admin area of a given script several times or if a request is sent to execute a file with a particular command. In these situations these attempts trigger the corresponding rules and the firewall software blocks the attempts in real time, and then records detailed info about them within its logs. ModSecurity is amongst the most effective software firewalls on the market and it can protect your web apps against a large number of threats and vulnerabilities, particularly if you don’t update them or their plugins often.

ModSecurity in Cloud Web Hosting

ModSecurity comes by default with all cloud web hosting packages which we offer and it shall be activated automatically for any domain or subdomain which you add/create within your Hepsia hosting Control Panel. The firewall has 3 different modes, so you could switch on and deactivate it with simply a click or set it to detection mode, so it shall maintain a log of all attacks, but it will not do anything to stop them. The log for any of your websites shall include elaborate information including the nature of the attack, where it originated from, what action was taken by ModSecurity, and so on. The firewall rules which we use are constantly updated and incorporate both commercial ones which we get from a third-party security firm and custom ones our system administrators add in case that they detect a new kind of attacks. This way, the Internet sites you host here shall be a lot more protected with no action needed on your end.

ModSecurity in Semi-dedicated Hosting

All semi-dedicated hosting plans which we offer come with ModSecurity and given that the firewall is enabled by default, any website that you create under a domain or a subdomain shall be protected right away. An individual section within the Hepsia CP which comes with the semi-dedicated accounts is devoted to ModSecurity and it shall permit you to stop and start the firewall for any Internet site or activate a detection mode. With the last option, ModSecurity will not take any action, but it shall still identify possible attacks and shall keep all data within a log as if it were fully active. The logs can be found within the same section of the Control Panel and they include information regarding the IP where an attack originated from, what its nature was, what rule ModSecurity applies to recognize and stop it, etcetera. The security rules we use on our servers are a mix between commercial ones from a security firm and custom ones created by our system administrators. As a result, we provide increased security for your web programs as we can defend them from attacks even before security companies release updates for brand new threats.

ModSecurity in Dedicated Web Hosting

If you choose to host your Internet sites on a dedicated server with the Hepsia CP, your web programs will be secured straight away as ModSecurity is provided with all Hepsia-based packages. You'll be able to regulate the firewall with ease and if required, you will be able to turn it off or switch on its passive mode when it'll only keep a log of what's going on without taking any action to prevent potential attacks. The logs which you will find in the exact same section of the CP are really detailed and include details about the attacker IP, what site and file were attacked and in what ways, what rule the firewall employed to prevent the intrusion, and so on. This info will allow you to take measures and improve the protection of your Internet sites even more. To be on the safe side, we use not just commercial rules, but also custom-made ones that our admins include whenever they recognize attacks that haven't yet been included within the commercial pack.