ModSecurity is an effective firewall for Apache web servers that is used to stop attacks towards web apps. It keeps track of the HTTP traffic to a particular site in real time and stops any intrusion attempts as soon as it identifies them. The firewall relies on a set of rules to do that - as an example, trying to log in to a script administrator area without success a few times triggers one rule, sending a request to execute a specific file that could result in getting access to the site triggers another rule, and so forth. ModSecurity is among the best firewalls available and it'll secure even scripts that aren't updated regularly as it can prevent attackers from using known exploits and security holes. Incredibly comprehensive info about each intrusion attempt is recorded and the logs the firewall maintains are a lot more detailed than the regular logs provided by the Apache server, so you may later examine them and decide whether you need to take extra measures in order to boost the security of your script-driven sites.

ModSecurity in Cloud Web Hosting

We offer ModSecurity with all cloud web hosting plans, so your Internet apps shall be resistant to harmful attacks. The firewall is switched on as standard for all domains and subdomains, but in case you would like, you shall be able to stop it using the respective section of your Hepsia CP. You'll be able to also switch on a detection mode, so ModSecurity shall keep a log as intended, but shall not take any action. The logs that you will find within Hepsia are very detailed and feature info about the nature of any attack, when it occurred and from what IP, the firewall rule which was triggered, etcetera. We employ a range of commercial rules which are constantly updated, but sometimes our admins add custom rules as well in order to better protect the Internet sites hosted on our machines.

ModSecurity in Semi-dedicated Servers

Any web app you set up in your new semi-dedicated server account will be protected by ModSecurity because the firewall comes with all our hosting plans and is activated by default for any domain and subdomain which you add or create via your Hepsia hosting Control Panel. You'll be able to manage ModSecurity via a dedicated section inside Hepsia where not only can you activate or deactivate it completely, but you can also enable a passive mode, so the firewall shall not block anything, but it shall still maintain an archive of possible attacks. This takes only a click and you'll be able to look at the logs regardless of if ModSecurity is in passive or active mode through the same section - what the attack was and where it came from, how it was dealt with, etc. The firewall employs two groups of rules on our machines - a commercial one which we get from a third-party web security firm and a custom one which our administrators update personally in order to respond to newly discovered risks immediately.

ModSecurity in VPS Servers

ModSecurity is pre-installed on all VPS servers that are offered with the Hepsia hosting Control Panel, so your web applications shall be secured from the instant your server is ready. The firewall is turned on by default for any domain or subdomain on the Virtual Private Server, but if needed, you could deactivate it with a click from the corresponding section of Hepsia. You could also set it to operate in detection mode, so it shall maintain a comprehensive log of any possible attacks without taking any action to stop them. The logs are available within the same section and offer details about the nature of the attack, what IP address it originated from and what ModSecurity rule was initiated to stop it. For best security, we use not simply commercial rules from a firm working in the field of web security, but also custom ones which our administrators include manually in order to respond to new risks which are still not addressed in the commercial rules.

ModSecurity in Dedicated Servers

All of our dedicated servers which are set up with the Hepsia hosting Control Panel come with ModSecurity, so any app that you upload or set up shall be protected from the very beginning and you'll not have to concern yourself with common attacks or vulnerabilities. An individual section within Hepsia will permit you to start or stop the firewall for every domain or subdomain, or switch on a detection mode so that it records details about intrusions, but does not take actions to stop them. What you'll discover in the logs can easily allow you to to secure your websites better - the IP an attack originated from, what site was attacked and exactly how, what ModSecurity rule was triggered, and so forth. With this info, you can see whether a site needs an update, if you should block IPs from accessing your server, etc. In addition to the third-party commercial security rules for ModSecurity which we use, our admins add custom ones too if they discover a new threat that is not yet a part of the commercial bundle.