ModSecurity is a potent web application layer firewall for Apache web servers. It monitors the whole HTTP traffic to an Internet site without affecting its operation and if it detects an intrusion attempt, it prevents it. The firewall additionally keeps a more thorough log for the traffic than any server does, so you will manage to keep track of what is going on with your sites a lot better than if you rely merely on conventional logs. ModSecurity works with security rules based on which it stops attacks. For example, it identifies if someone is trying to log in to the administration area of a particular script multiple times or if a request is sent to execute a file with a certain command. In these cases these attempts trigger the corresponding rules and the firewall software hinders the attempts instantly, and then records comprehensive information about them within its logs. ModSecurity is amongst the most effective software firewalls on the market and it could easily protect your web apps against a huge number of threats and vulnerabilities, particularly in case you don’t update them or their plugins regularly.

ModSecurity in Hosting

We offer ModSecurity with all hosting plans, so your web apps will be resistant to malicious attacks. The firewall is activated by default for all domains and subdomains, but in case you'd like, you will be able to stop it via the respective area of your Hepsia CP. You can also activate a detection mode, so ModSecurity shall keep a log as intended, but won't take any action. The logs that you'll find inside Hepsia are quite detailed and offer information about the nature of any attack, when it happened and from what IP, the firewall rule which was triggered, and so forth. We use a set of commercial rules that are regularly updated, but sometimes our admins include custom rules as well in order to efficiently protect the Internet sites hosted on our machines.

ModSecurity in Semi-dedicated Servers

We have incorporated ModSecurity by default in all semi-dedicated server packages, so your web apps shall be protected as soon as you install them under any domain or subdomain. The Hepsia Control Panel which comes with the semi-dedicated accounts shall permit you to switch on or disable the firewall for any Internet site with a mouse click. You'll also have the ability to switch on a passive detection mode with which ModSecurity shall keep a log of possible attacks without really stopping them. The thorough logs include the nature of the attack and what ModSecurity response that attack initiated, where it came from, and so forth. The list of rules we employ is frequently updated in order to match any new threats which might appear on the Internet and it includes both commercial rules that we get from a security firm and custom-written ones which our admins add if they discover a threat that's not present inside the commercial list yet.

ModSecurity in VPS Servers

Protection is extremely important to us, so we install ModSecurity on all VPS servers that are set up with the Hepsia CP by default. The firewall could be managed through a dedicated section within Hepsia and is activated automatically when you add a new domain or create a subdomain, so you will not have to do anything personally. You will also be able to disable it or switch on the so-called detection mode, so it shall maintain a log of possible attacks which you can later examine, but shall not stop them. The logs in both passive and active modes offer info regarding the kind of the attack and how it was eliminated, what IP address it came from and other important information which could help you to tighten the security of your sites by updating them or blocking IPs, for instance. Beyond the commercial rules we get for ModSecurity from a third-party security firm, we also employ our own rules as occasionally we identify specific attacks that are not yet present in the commercial group. This way, we could enhance the security of your VPS promptly instead of awaiting a certified update.

ModSecurity in Dedicated Servers

ModSecurity is available by default with all dedicated servers that are set up with the Hepsia CP and is set to “Active” automatically for any domain you host or subdomain which you create on the web server. Just in case that a web app doesn't function properly, you could either turn off the firewall or set it to work in passive mode. The second means that ModSecurity will keep a log of any potential attack that might happen, but won't take any action to prevent it. The logs produced in active or passive mode will offer you additional details about the exact file that was attacked, the nature of the attack and the IP address it originated from, and so on. This info shall permit you to choose what measures you can take to improve the safety of your sites, for instance blocking IPs or carrying out script and plugin updates. The ModSecurity rules that we use are updated regularly with a commercial bundle from a third-party security provider we work with, but sometimes our staff include their own rules too in the event that they come across a new potential threat.