ModSecurity is a powerful firewall for Apache web servers that's employed to prevent attacks against web applications. It monitors the HTTP traffic to a given site in real time and prevents any intrusion attempts the instant it discovers them. The firewall uses a set of rules to accomplish that - for example, attempting to log in to a script administrator area without success a few times sets off one rule, sending a request to execute a particular file which could result in gaining access to the Internet site triggers another rule, and so on. ModSecurity is among the best firewalls out there and it will protect even scripts that aren't updated regularly because it can prevent attackers from using known exploits and security holes. Incredibly comprehensive information about each and every intrusion attempt is recorded and the logs the firewall maintains are considerably more detailed than the standard logs generated by the Apache server, so you could later examine them and decide whether you need to take additional measures in order to increase the security of your script-driven websites.

ModSecurity in Cloud Website Hosting

ModSecurity is provided with all cloud website hosting machines, so if you choose to host your sites with our company, they will be shielded from a wide range of attacks. The firewall is enabled by default for all domains and subdomains, so there will be nothing you shall need to do on your end. You'll be able to stop ModSecurity for any Internet site if needed, or to activate a detection mode, so that all activity shall be recorded, but the firewall won't take any real action. You shall be able to view detailed logs via your Hepsia CP including the IP address where the attack originated from, what the attacker wanted to do and how ModSecurity dealt with the threat. Since we take the security of our customers' sites seriously, we employ a set of commercial rules that we take from one of the leading companies which maintain this sort of rules. Our administrators also include custom rules to make sure that your Internet sites will be shielded from as many threats as possible.

ModSecurity in Semi-dedicated Servers

All semi-dedicated server packages that we offer include ModSecurity and because the firewall is enabled by default, any website you build under a domain or a subdomain will be secured immediately. An independent section inside the Hepsia CP which comes with the semi-dedicated accounts is dedicated to ModSecurity and it'll enable you to stop and start the firewall for any site or switch on a detection mode. With the last option, ModSecurity shall not take any action, but it'll still identify possible attacks and shall keep all data inside a log as if it were completely active. The logs can be found inside the exact same section of the Control Panel and they feature specifics about the IP where an attack originated from, what its nature was, what rule ModSecurity applies to identify and stop it, etcetera. The security rules which we use on our machines are a mix between commercial ones from a security company and custom ones made by our system administrators. Therefore, we provide greater security for your web applications as we can defend them from attacks before security companies release updates for brand new threats.

ModSecurity in VPS Servers

Safety is vital to us, so we set up ModSecurity on all VPS servers which are provided with the Hepsia Control Panel as a standard. The firewall could be managed through a dedicated section in Hepsia and is activated automatically when you include a new domain or generate a subdomain, so you will not need to do anything by hand. You will also be able to disable it or activate the so-called detection mode, so it shall maintain a log of potential attacks you can later analyze, but won't prevent them. The logs in both passive and active modes include details about the kind of the attack and how it was stopped, what IP it originated from and other important information which might help you to tighten the security of your sites by updating them or blocking IPs, as an example. Beyond the commercial rules we get for ModSecurity from a third-party security company, we also implement our own rules as once in a while we find specific attacks that are not yet present inside the commercial group. This way, we could enhance the protection of your VPS instantly instead of waiting for a certified update.

ModSecurity in Dedicated Servers

When you choose to host your sites on a dedicated server with the Hepsia Control Panel, your web applications shall be secured straight away as ModSecurity is supplied with all Hepsia-based solutions. You shall be able to regulate the firewall without difficulty and if needed, you shall be able to turn it off or enable its passive mode when it shall only keep a log of what's taking place without taking any action to prevent possible attacks. The logs which you can find inside the exact same section of the Control Panel are quite detailed and include info about the attacker IP address, what website and file were attacked and in what way, what rule the firewall employed to prevent the intrusion, and so on. This info will enable you to take measures and enhance the security of your websites even more. To be on the safe side, we use not only commercial rules, but also custom-made ones which our admins add every time they detect attacks which haven't yet been included within the commercial pack.