ModSecurity is a highly effective web application layer firewall for Apache web servers. It monitors the entire HTTP traffic to an Internet site without affecting its overall performance and if it identifies an intrusion attempt, it prevents it. The firewall furthermore maintains a more comprehensive log for the website visitors than any server does, so you'll be able to monitor what's going on with your Internet sites better than if you rely only on standard logs. ModSecurity works with security rules based on which it prevents attacks. For example, it identifies if someone is trying to log in to the administration area of a given script multiple times or if a request is sent to execute a file with a specific command. In such instances these attempts set off the corresponding rules and the firewall program hinders the attempts immediately, and then records detailed information about them within its logs. ModSecurity is among the most effective software firewalls out there and it could easily protect your web apps against thousands of threats and vulnerabilities, particularly in case you don’t update them or their plugins regularly.
ModSecurity in Cloud Hosting
We provide ModSecurity with all cloud hosting plans, so your web apps will be protected against harmful attacks. The firewall is switched on as standard for all domains and subdomains, but if you'd like, you will be able to stop it through the respective section of your Hepsia CP. You could also activate a detection mode, so ModSecurity will keep a log as intended, but will not take any action. The logs that you shall discover in Hepsia are extremely detailed and include information about the nature of any attack, when it happened and from what IP address, the firewall rule that was triggered, and so on. We employ a range of commercial rules that are regularly updated, but sometimes our admins add custom rules as well so as to efficiently protect the websites hosted on our servers.
ModSecurity in Semi-dedicated Hosting
All semi-dedicated hosting packages which we offer include ModSecurity and since the firewall is switched on by default, any site that you create under a domain or a subdomain will be protected immediately. A separate section within the Hepsia CP that comes with the semi-dedicated accounts is dedicated to ModSecurity and it'll allow you to start and stop the firewall for any Internet site or switch on a detection mode. With the last option, ModSecurity shall not take any action, but it will still recognize possible attacks and will keep all info inside a log as if it were fully active. The logs could be found in the same section of the Control Panel and they include information about the IP where an attack came from, what its nature was, what rule ModSecurity applies to detect and stop it, etc. The security rules that we use on our machines are a mix between commercial ones from a security firm and custom ones developed by our system administrators. As a result, we provide higher security for your web apps as we can protect them from attacks even before security firms release updates for completely new threats.
ModSecurity in VPS Hosting
ModSecurity is provided with all Hepsia-based virtual private servers we offer and it will be activated automatically for every new domain or subdomain that you add on the hosting server. That way, any web application that you install shall be protected from the very beginning without doing anything personally on your end. The firewall may be handled via the section of the Control Panel that bears the same name. This is the area whereyou'll be able to switch off ModSecurity or let its passive mode, so it shall not take any action against threats, but will still maintain a detailed log. The recorded information is available inside the same section as well and you'll be able to see what IPs any attacks originated from to enable you to stop them, what the nature of the attempted attacks was and in accordance with what security rules ModSecurity reacted. The rules which we employ on our servers are a blend between commercial ones that we get from a security firm and custom ones that are included by our staff to maximize the security of any web apps hosted on our end.
ModSecurity in Dedicated Web Hosting
ModSecurity is available by default with all dedicated servers that are set up with the Hepsia Control Panel and is set to “Active” automatically for any domain which you host or subdomain you create on the server. In the event that a web application does not operate adequately, you can either switch off the firewall or set it to operate in passive mode. The second means that ModSecurity shall maintain a log of any potential attack which could occur, but won't take any action to prevent it. The logs created in active or passive mode shall present you with more details about the exact file that was attacked, the type of the attack and the IP address it originated from, etc. This info shall enable you to choose what measures you can take to improve the security of your Internet sites, for instance blocking IPs or carrying out script and plugin updates. The ModSecurity rules that we use are updated constantly with a commercial bundle from a third-party security firm we work with, but from time to time our administrators add their own rules also if they identify a new potential threat.