ModSecurity is an effective firewall for Apache web servers that's employed to stop attacks against web apps. It keeps track of the HTTP traffic to a particular Internet site in real time and prevents any intrusion attempts the instant it discovers them. The firewall relies on a set of rules to do that - as an example, trying to log in to a script administration area without success a few times triggers one rule, sending a request to execute a particular file that may result in accessing the website triggers another rule, etc. ModSecurity is one of the best firewalls around and it'll protect even scripts which are not updated on a regular basis since it can prevent attackers from using known exploits and security holes. Very detailed info about each and every intrusion attempt is recorded and the logs the firewall keeps are far more detailed than the regular logs provided by the Apache server, so you may later take a look at them and decide if you need to take more measures so as to improve the safety of your script-driven Internet sites.

ModSecurity in Cloud Hosting

We provide ModSecurity with all cloud hosting packages, so your web apps will be protected against malicious attacks. The firewall is activated by default for all domains and subdomains, but in case you'd like, you'll be able to stop it using the respective area of your Hepsia CP. You'll be able to also activate a detection mode, so ModSecurity shall keep a log as intended, but shall not take any action. The logs which you will discover inside Hepsia are very detailed and include data about the nature of any attack, when it happened and from what IP address, the firewall rule that was triggered, and so forth. We use a range of commercial rules that are constantly updated, but sometimes our admins add custom rules as well in order to better protect the sites hosted on our servers.

ModSecurity in Semi-dedicated Hosting

ModSecurity is part of our semi-dedicated hosting packages and if you decide to host your Internet sites with us, there won't be anything special you will have to do given that the firewall is turned on by default for all domains and subdomains you add via your hosting CP. If required, you can disable ModSecurity for a given Internet site or switch on the so-called detection mode in which case the firewall will still operate and record info, but shall not do anything to stop possible attacks against your sites. In depth logs shall be accessible within your CP and you will be able to see what sort of attacks took place, what security rules were triggered and how the firewall dealt with the threats, what IP addresses the attacks came from, etcetera. We employ two types of rules on our servers - commercial ones from a business that operates in the field of web security, and customized ones that our administrators occasionally add to respond to newly identified risks on time.

ModSecurity in Dedicated Servers Hosting

ModSecurity is provided as standard with all dedicated servers that are set up with the Hepsia CP and is set to “Active” automatically for any domain that you host or subdomain which you create on the web server. In case that a web application doesn't work properly, you can either switch off the firewall or set it to function in passive mode. The latter means that ModSecurity will keep a log of any potential attack which might occur, but will not take any action to prevent it. The logs produced in passive or active mode will offer you more details about the exact file which was attacked, the form of the attack and the IP it originated from, etc. This information will allow you to choose what actions you can take to enhance the security of your websites, for instance blocking IPs or performing script and plugin updates. The ModSecurity rules which we employ are updated often with a commercial bundle from a third-party security company we work with, but oftentimes our administrators include their own rules also when they identify a new potential threat.