ModSecurity is a potent web application layer firewall for Apache web servers. It monitors the entire HTTP traffic to a website without affecting its overall performance and if it detects an intrusion attempt, it blocks it. The firewall additionally keeps a more detailed log for the website visitors than any web server does, so you will be able to keep an eye on what is happening with your Internet sites a lot better than if you rely only on standard logs. ModSecurity employs security rules based on which it helps prevent attacks. For instance, it recognizes whether someone is attempting to log in to the administration area of a specific script multiple times or if a request is sent to execute a file with a specific command. In these situations these attempts set off the corresponding rules and the software blocks the attempts in real time, and then records in-depth information about them inside its logs. ModSecurity is one of the very best software firewalls available and it can protect your web applications against a huge number of threats and vulnerabilities, particularly if you don’t update them or their plugins frequently.

ModSecurity in Cloud Website Hosting

ModSecurity is provided with all cloud website hosting machines, so when you decide to host your websites with our organization, they shall be protected against an array of attacks. The firewall is enabled as standard for all domains and subdomains, so there will be nothing you will have to do on your end. You will be able to stop ModSecurity for any Internet site if needed, or to activate a detection mode, so all activity shall be recorded, but the firewall won't take any real action. You'll be able to view comprehensive logs through your Hepsia CP including the IP address where the attack originated from, what the attacker planned to do and how ModSecurity handled the threat. As we take the safety of our customers' Internet sites very seriously, we employ a group of commercial rules which we get from one of the best companies which maintain such rules. Our administrators also add custom rules to make certain that your websites will be resistant to as many risks as possible.

ModSecurity in Semi-dedicated Servers

ModSecurity is a part of our semi-dedicated server plans and if you opt to host your sites with us, there won't be anything special you'll have to do given that the firewall is turned on by default for all domains and subdomains that you add using your hosting CP. If needed, you could disable ModSecurity for a given website or activate the so-called detection mode in which case the firewall shall still work and record data, but won't do anything to stop possible attacks on your sites. Thorough logs shall be readily available in your Control Panel and you'll be able to see what sort of attacks took place, what security rules were triggered and how the firewall addressed the threats, what IP addresses the attacks came from, etcetera. We employ 2 kinds of rules on our servers - commercial ones from a firm that operates in the field of web security, and custom ones that our administrators sometimes add to respond to newly found threats promptly.

ModSecurity in VPS Servers

Protection is extremely important to us, so we install ModSecurity on all VPS servers which are set up with the Hepsia Control Panel by default. The firewall could be managed through a dedicated section in Hepsia and is switched on automatically when you include a new domain or create a subdomain, so you will not have to do anything manually. You shall also be able to disable it or activate the so-called detection mode, so it will maintain a log of potential attacks you can later analyze, but won't prevent them. The logs in both passive and active modes offer details about the type of the attack and how it was prevented, what IP address it originated from and other important info which could help you to tighten the security of your sites by updating them or blocking IPs, as an example. On top of the commercial rules we get for ModSecurity from a third-party security company, we also implement our own rules since every now and then we find specific attacks which are not yet present in the commercial package. That way, we can easily increase the protection of your VPS promptly rather than awaiting a certified update.

ModSecurity in Dedicated Servers

ModSecurity is provided with all dedicated servers which are set up with our Hepsia CP and you won't need to do anything specific on your end to use it as it's switched on by default whenever you add a new domain or subdomain on your web server. In the event that it disrupts some of your applications, you shall be able to stop it through the respective area of Hepsia, or you may leave it in passive mode, so it shall detect attacks and shall still maintain a log for them, but won't prevent them. You may analyze the logs later to learn what you can do to increase the safety of your sites as you will find information such as where an intrusion attempt originated from, what website was attacked and in accordance with what rule ModSecurity responded, etcetera. The rules that we employ are commercial, thus they are frequently updated by a security firm, but to be on the safe side, our staff also add custom rules once in a while as to deal with any new threats they have found.