ModSecurity is a powerful firewall for Apache web servers which is employed to stop attacks against web apps. It keeps track of the HTTP traffic to a given site in real time and blocks any intrusion attempts the moment it identifies them. The firewall relies on a set of rules to accomplish that - as an example, trying to log in to a script admin area without success many times triggers one rule, sending a request to execute a certain file which could result in gaining access to the site triggers a different rule, etc. ModSecurity is one of the best firewalls on the market and it'll secure even scripts that aren't updated often since it can prevent attackers from employing known exploits and security holes. Quite detailed info about every single intrusion attempt is recorded and the logs the firewall keeps are a lot more detailed than the regular logs provided by the Apache server, so you could later analyze them and determine whether you need to take additional measures so as to increase the security of your script-driven Internet sites.

ModSecurity in Shared Hosting

ModSecurity is available with each shared hosting package that we provide and it's activated by default for any domain or subdomain which you add via your Hepsia CP. If it disrupts any of your programs or you would like to disable it for some reason, you shall be able to achieve that through the ModSecurity section of Hepsia with just a click. You could also activate a passive mode, so the firewall will detect possible attacks and maintain a log, but won't take any action. You'll be able to see extensive logs in the exact same section, including the IP address where the attack originated from, exactly what the attacker attempted to do and at what time, what ModSecurity did, etc. For maximum security of our customers we use a collection of commercial firewall rules combined with custom ones which are included by our system administrators.

ModSecurity in Semi-dedicated Hosting

All semi-dedicated hosting packages that we offer come with ModSecurity and given that the firewall is turned on by default, any Internet site which you create under a domain or a subdomain will be secured straight away. A separate section in the Hepsia Control Panel which comes with the semi-dedicated accounts is devoted to ModSecurity and it will allow you to start and stop the firewall for any Internet site or enable a detection mode. With the latter, ModSecurity won't take any action, but it shall still identify possible attacks and will keep all information within a log as if it were fully active. The logs can be found inside the exact same section of the Control Panel and they feature specifics about the IP where an attack came from, what its nature was, what rule ModSecurity applies to identify and stop it, and so forth. The security rules that we use on our machines are a mix between commercial ones from a security business and custom ones made by our system administrators. Consequently, we offer higher security for your web programs as we can defend them from attacks even before security businesses release updates for new threats.

ModSecurity in VPS Web Hosting

ModSecurity is pre-installed on all virtual private servers which are provided with the Hepsia hosting CP, so your web applications will be protected from the instant your server is ready. The firewall is activated by default for any domain or subdomain on the Virtual Private Server, but if necessary, you could disable it with a click of your mouse via the corresponding section of Hepsia. You can also set it to operate in detection mode, so it shall maintain a detailed log of any possible attacks without taking any action to stop them. The logs are available in the exact same section and provide information about the nature of the attack, what IP it came from and what ModSecurity rule was initiated to stop it. For optimum security, we use not simply commercial rules from a company working in the field of web security, but also custom ones that our admins add personally so as to respond to new threats which are still not tackled in the commercial rules.

ModSecurity in Dedicated Servers Hosting

When you decide to host your websites on a dedicated server with the Hepsia CP, your web apps will be secured right away since ModSecurity is supplied with all Hepsia-based solutions. You shall be able to manage the firewall effortlessly and if necessary, you'll be able to turn it off or switch on its passive mode when it shall only maintain a log of what is going on without taking any action to prevent possible attacks. The logs which you'll find within the exact same section of the CP are incredibly detailed and contain details about the attacker IP address, what site and file were attacked and in what way, what rule the firewall employed to stop the intrusion, and so forth. This information shall allow you to take measures and enhance the protection of your websites even more. To be on the safe side, we employ not just commercial rules, but also custom-made ones which our administrators add every time they recognize attacks which have not yet been included within the commercial pack.