ModSecurity is a highly effective web app layer firewall for Apache web servers. It monitors the entire HTTP traffic to an Internet site without affecting its overall performance and if it discovers an intrusion attempt, it prevents it. The firewall also maintains a more detailed log for the traffic than any server does, so you shall manage to keep an eye on what is happening with your Internet sites better than if you rely simply on conventional logs. ModSecurity works with security rules based on which it stops attacks. For instance, it recognizes if anyone is attempting to log in to the administration area of a specific script a number of times or if a request is sent to execute a file with a specific command. In such situations these attempts set off the corresponding rules and the firewall blocks the attempts right away, after that records in-depth details about them within its logs. ModSecurity is amongst the most effective software firewalls available and it can protect your web applications against a large number of threats and vulnerabilities, particularly in case you don’t update them or their plugins regularly.

ModSecurity in Web Hosting

ModSecurity is supplied with all web hosting web servers, so when you choose to host your Internet sites with our firm, they will be protected against a wide range of attacks. The firewall is enabled as standard for all domains and subdomains, so there will be nothing you will need to do on your end. You will be able to stop ModSecurity for any website if needed, or to enable a detection mode, so all activity shall be recorded, but the firewall shall not take any real action. You shall be able to view detailed logs through your Hepsia CP including the IP address where the attack originated from, what the attacker wanted to do and how ModSecurity addressed the threat. As we take the protection of our clients' sites very seriously, we use a set of commercial rules which we take from one of the best companies which maintain this type of rules. Our admins also include custom rules to make sure that your websites shall be shielded from as many threats as possible.

ModSecurity in Semi-dedicated Hosting

We have integrated ModSecurity as a standard within all semi-dedicated hosting packages, so your web applications will be protected whenever you set them up under any domain or subdomain. The Hepsia Control Panel which comes with the semi-dedicated accounts will allow you to switch on or disable the firewall for any site with a click. You will also have the ability to switch on a passive detection mode through which ModSecurity will keep a log of potential attacks without actually preventing them. The detailed logs contain the nature of the attack and what ModSecurity response that attack caused, where it originated from, and so on. The list of rules that we employ is constantly updated as to match any new threats that may appear on the Internet and it features both commercial rules that we get from a security company and custom-written ones which our admins include in case they find a threat that's not present inside the commercial list yet.

ModSecurity in Dedicated Servers Hosting

All our dedicated servers which are set up with the Hepsia hosting Control Panel feature ModSecurity, so any app you upload or install shall be properly secured from the very beginning and you will not need to worry about common attacks or vulnerabilities. A separate section in Hepsia will permit you to start or stop the firewall for every domain or subdomain, or turn on a detection mode so that it records info about intrusions, but does not take actions to stop them. What you'll find in the logs shall enable you to to secure your websites better - the IP an attack originated from, what site was attacked and how, what ModSecurity rule was triggered, and so on. With this info, you'll be able to see if a website needs an update, whether you need to block IPs from accessing your hosting server, and so forth. In addition to the third-party commercial security rules for ModSecurity we use, our administrators include custom ones too when they find a new threat that's not yet in the commercial bundle.