ModSecurity is a highly effective web application layer firewall for Apache web servers. It monitors the whole HTTP traffic to a website without affecting its operation and in case it detects an intrusion attempt, it blocks it. The firewall furthermore maintains a more thorough log for the traffic than any server does, so you shall be able to monitor what's going on with your Internet sites better than if you rely only on conventional logs. ModSecurity uses security rules based on which it prevents attacks. For instance, it detects if somebody is trying to log in to the administration area of a particular script a number of times or if a request is sent to execute a file with a specific command. In such cases these attempts set off the corresponding rules and the firewall program hinders the attempts instantly, then records in-depth information about them within its logs. ModSecurity is one of the best software firewalls on the market and it can protect your web applications against many threats and vulnerabilities, particularly in case you don’t update them or their plugins frequently.
ModSecurity in Web Hosting
ModSecurity can be found with every single web hosting plan that we provide and it is activated by default for every domain or subdomain which you add via your Hepsia Control Panel. If it disrupts any of your apps or you'd like to disable it for whatever reason, you'll be able to achieve that through the ModSecurity section of Hepsia with simply a click. You could also enable a passive mode, so the firewall will recognize possible attacks and maintain a log, but will not take any action. You can view comprehensive logs in the same section, including the IP address where the attack originated from, what exactly the attacker attempted to do and at what time, what ModSecurity did, etc. For maximum security of our clients we use a group of commercial firewall rules combined with custom ones that are provided by our system admins.
ModSecurity in Semi-dedicated Hosting
We have integrated ModSecurity as a standard within all semi-dedicated hosting packages, so your web applications will be protected whenever you set them up under any domain or subdomain. The Hepsia Control Panel which comes with the semi-dedicated accounts will permit you to switch on or turn off the firewall for any Internet site with a click. You'll also be able to switch on a passive detection mode in which ModSecurity shall keep a log of possible attacks without really stopping them. The thorough logs contain the nature of the attack and what ModSecurity response this attack triggered, where it originated from, etcetera. The list of rules that we use is regularly updated as to match any new risks that may appear on the Internet and it features both commercial rules that we get from a security business and custom-written ones that our admins add if they find a threat that's not present within the commercial list yet.
ModSecurity in VPS Hosting
ModSecurity is pre-installed on all virtual private servers that are offered with the Hepsia hosting CP, so your web applications will be protected from the instant your server is ready. The firewall is activated by default for any domain or subdomain on the Virtual Private Server, but if needed, you could deactivate it with a click from the corresponding section of Hepsia. You could also set it to operate in detection mode, so it shall keep a detailed log of any potential attacks without taking any action to stop them. The logs can be found in the exact same section and include info about the nature of the attack, what IP address it came from and what ModSecurity rule was initiated to stop it. For best security, we employ not just commercial rules from a firm operating in the field of web security, but also custom ones our administrators add manually in order to respond to new risks which are still not dealt with in the commercial rules.
ModSecurity in Dedicated Web Hosting
When you opt to host your sites on a dedicated server with the Hepsia CP, your web applications will be protected straight away because ModSecurity is available with all Hepsia-based plans. You'll be able to regulate the firewall effortlessly and if required, you'll be able to turn it off or switch on its passive mode when it shall only keep a log of what's taking place without taking any action to prevent possible attacks. The logs which you can find within the very same section of the CP are incredibly detailed and feature information about the attacker IP, what site and file were attacked and in what way, what rule the firewall used to stop the intrusion, and so forth. This info will enable you to take measures and boost the protection of your Internet sites even more. To be on the safe side, we employ not just commercial rules, but also custom-made ones that our administrators include every time they recognize attacks which have not yet been included in the commercial pack.