ModSecurity is an effective firewall for Apache web servers that is employed to prevent attacks towards web apps. It tracks the HTTP traffic to a specific website in real time and prevents any intrusion attempts as soon as it discovers them. The firewall uses a set of rules to accomplish that - for example, trying to log in to a script administrator area unsuccessfully many times triggers one rule, sending a request to execute a certain file that may result in gaining access to the Internet site triggers another rule, etcetera. ModSecurity is one of the best firewalls out there and it'll protect even scripts which aren't updated on a regular basis because it can prevent attackers from using known exploits and security holes. Incredibly detailed info about every intrusion attempt is recorded and the logs the firewall keeps are much more comprehensive than the standard logs generated by the Apache server, so you may later examine them and decide whether you need to take additional measures so as to boost the safety of your script-driven websites.

ModSecurity in Website Hosting

We offer ModSecurity with all website hosting packages, so your Internet apps will be shielded from harmful attacks. The firewall is turned on as standard for all domains and subdomains, but in case you would like, you'll be able to stop it via the respective part of your Hepsia CP. You can also activate a detection mode, so ModSecurity will keep a log as intended, but shall not take any action. The logs that you shall discover within Hepsia are incredibly detailed and include information about the nature of any attack, when it transpired and from what IP address, the firewall rule that was triggered, etc. We use a group of commercial rules which are frequently updated, but sometimes our administrators include custom rules as well in order to efficiently protect the websites hosted on our machines.

ModSecurity in Semi-dedicated Hosting

We have integrated ModSecurity as a standard within all semi-dedicated hosting plans, so your web applications shall be protected whenever you install them under any domain or subdomain. The Hepsia CP which is included with the semi-dedicated accounts shall allow you to switch on or disable the firewall for any website with a click. You'll also have the ability to turn on a passive detection mode with which ModSecurity will keep a log of potential attacks without actually preventing them. The comprehensive logs include the nature of the attack and what ModSecurity response this attack initiated, where it came from, and so forth. The list of rules we employ is frequently updated in order to match any new risks that might appear on the Internet and it includes both commercial rules that we get from a security firm and custom-written ones that our admins include in case they find a threat that's not present inside the commercial list yet.

ModSecurity in VPS Hosting

ModSecurity is pre-installed on all virtual private servers which are set up with the Hepsia hosting Control Panel, so your web applications will be secured from the instant your server is in a position. The firewall is turned on by default for any domain or subdomain on the Virtual Private Server, but if required, you can deactivate it with a mouse click via the corresponding section of Hepsia. You could also set it to function in detection mode, so it will keep a comprehensive log of any possible attacks without taking any action to stop them. The logs can be found inside the very same section and offer details about the nature of the attack, what IP it originated from and what ModSecurity rule was initiated to stop it. For optimum security, we use not only commercial rules from a firm working in the field of web security, but also custom ones that our administrators add personally in order to react to new threats that are still not dealt with in the commercial rules.

ModSecurity in Dedicated Web Hosting

ModSecurity is included with all dedicated servers which are set up with our Hepsia Control Panel and you'll not need to do anything specific on your end to use it since it is activated by default whenever you include a new domain or subdomain on your server. In the event that it disrupts some of your programs, you shall be able to stop it through the respective part of Hepsia, or you can leave it operating in passive mode, so it shall recognize attacks and shall still maintain a log for them, but shall not prevent them. You'll be able to examine the logs later to find out what you can do to improve the protection of your websites as you'll find information such as where an intrusion attempt came from, what Internet site was attacked and based upon what rule ModSecurity reacted, and so forth. The rules that we use are commercial, hence they're constantly updated by a security company, but to be on the safe side, our staff also include custom rules occasionally in order to deal with any new threats they have discovered.