ModSecurity is a powerful firewall for Apache web servers that's used to stop attacks toward web apps. It monitors the HTTP traffic to a given Internet site in real time and blocks any intrusion attempts as soon as it detects them. The firewall relies on a set of rules to do that - for instance, trying to log in to a script administrator area unsuccessfully a few times sets off one rule, sending a request to execute a specific file that could result in accessing the Internet site triggers another rule, and so forth. ModSecurity is one of the best firewalls around and it will secure even scripts that are not updated regularly because it can prevent attackers from using known exploits and security holes. Very detailed data about every intrusion attempt is recorded and the logs the firewall keeps are much more detailed than the regular logs generated by the Apache server, so you can later analyze them and determine whether you need to take more measures in order to improve the protection of your script-driven Internet sites.

ModSecurity in Hosting

We provide ModSecurity with all hosting solutions, so your Internet apps shall be shielded from harmful attacks. The firewall is activated by default for all domains and subdomains, but if you would like, you shall be able to stop it using the respective section of your Hepsia Control Panel. You'll be able to also activate a detection mode, so ModSecurity will keep a log as intended, but will not take any action. The logs that you shall discover inside Hepsia are quite detailed and offer info about the nature of any attack, when it happened and from what IP address, the firewall rule that was triggered, and so on. We use a group of commercial rules that are often updated, but sometimes our admins add custom rules as well in order to efficiently protect the websites hosted on our machines.

ModSecurity in Semi-dedicated Servers

Any web program that you install in your new semi-dedicated server account will be protected by ModSecurity as the firewall is included with all our hosting plans and is activated by default for any domain and subdomain that you include or create through your Hepsia hosting CP. You'll be able to manage ModSecurity through a dedicated section within Hepsia where not only can you activate or deactivate it fully, but you can also enable a passive mode, so the firewall will not block anything, but it shall still keep a record of possible attacks. This requires just a mouse click and you will be able to look at the logs regardless if ModSecurity is in passive or active mode through the same section - what the attack was and where it originated from, how it was taken care of, and so on. The firewall employs 2 groups of rules on our web servers - a commercial one which we get from a third-party web security company and a custom one which our admins update manually as to respond to recently discovered threats as quickly as possible.

ModSecurity in VPS Servers

ModSecurity is pre-installed on all VPS servers which are offered with the Hepsia hosting CP, so your web apps will be secured from the second your server is in a position. The firewall is switched on by default for any domain or subdomain on the VPS, but if needed, you can deactivate it with a click of your mouse from the corresponding section of Hepsia. You can also set it to function in detection mode, so it'll maintain a detailed log of any possible attacks without taking any action to prevent them. The logs are available in the exact same section and provide information about the nature of the attack, what IP it originated from and what ModSecurity rule was triggered to stop it. For best security, we employ not only commercial rules from a business operating in the field of web security, but also custom ones which our admins add personally in order to respond to new threats that are still not dealt with in the commercial rules.

ModSecurity in Dedicated Servers

ModSecurity is provided with all dedicated servers that are integrated with our Hepsia CP and you'll not have to do anything specific on your end to use it because it's enabled by default every time you add a new domain or subdomain on your hosting server. In the event that it interferes with any of your apps, you'll be able to stop it through the respective part of Hepsia, or you could leave it working in passive mode, so it shall identify attacks and will still maintain a log for them, but shall not block them. You can look at the logs later to find out what you can do to enhance the protection of your Internet sites as you shall find information such as where an intrusion attempt originated from, what Internet site was attacked and based on what rule ModSecurity reacted, and so on. The rules that we employ are commercial, therefore they're frequently updated by a security firm, but to be on the safe side, our admins also include custom rules occasionally as to respond to any new threats they have identified.