ModSecurity is a powerful web app layer firewall for Apache web servers. It monitors the entire HTTP traffic to a website without affecting its performance and if it detects an intrusion attempt, it blocks it. The firewall also keeps a more thorough log for the traffic than any server does, so you'll manage to keep an eye on what is going on with your websites better than if you rely simply on conventional logs. ModSecurity uses security rules based on which it stops attacks. For example, it recognizes whether someone is trying to log in to the administration area of a particular script a number of times or if a request is sent to execute a file with a particular command. In these circumstances these attempts set off the corresponding rules and the firewall software blocks the attempts right away, and then records in-depth information about them in its logs. ModSecurity is amongst the most effective software firewalls available and it can easily protect your web applications against a huge number of threats and vulnerabilities, particularly if you don’t update them or their plugins regularly.
ModSecurity in Cloud Hosting
ModSecurity is available with every cloud hosting
solution which we offer and it's turned on by default for any domain or subdomain that you add through your Hepsia Control Panel. In case it interferes with any of your applications or you would like to disable it for whatever reason, you will be able to achieve that through the ModSecurity section of Hepsia with just a click. You could also enable a passive mode, so the firewall will discover potential attacks and keep a log, but will not take any action. You could view comprehensive logs in the exact same section, including the IP where the attack originated from, what exactly the attacker aimed to do and at what time, what ModSecurity did, and so forth. For optimum security of our customers we use a group of commercial firewall rules mixed with custom ones that are added by our system admins.
ModSecurity in Semi-dedicated Hosting
Any web app that you install within your new semi-dedicated hosting
account shall be protected by ModSecurity as the firewall is provided with all our hosting packages and is turned on by default for any domain and subdomain that you include or create via your Hepsia hosting CP. You'll be able to manage ModSecurity through a dedicated area inside Hepsia where not simply can you activate or deactivate it fully, but you can also enable a passive mode, so the firewall won't block anything, but it shall still keep an archive of potential attacks. This normally requires simply a click and you'll be able to look at the logs regardless of if ModSecurity is in passive or active mode through the same section - what the attack was and where it originated from, how it was handled, and so forth. The firewall employs 2 sets of rules on our servers - a commercial one which we get from a third-party web security firm and a custom one which our admins update manually in order to respond to recently discovered threats at the earliest opportunity.
ModSecurity in VPS Web Hosting
ModSecurity comes with all Hepsia-based virtual private servers
that we offer and it will be activated automatically for any new domain or subdomain that you include on the server. This way, any web application you install shall be secured right away without doing anything personally on your end. The firewall could be managed from the section of the Control Panel which has the same name. This is the location whereyou could disable ModSecurity or let its passive mode, so it shall not take any action against threats, but will still maintain a comprehensive log. The recorded data is available inside the same section as well and you will be able to see what IPs any attacks originated from so that you can stop them, what the nature of the attempted attacks was and in accordance with what security rules ModSecurity responded. The rules that we use on our servers are a combination between commercial ones we get from a security organization and custom ones that are included by our staff to enhance the security of any web apps hosted on our end.
ModSecurity in Dedicated Servers Hosting
All our dedicated servers
that are set up with the Hepsia hosting CP come with ModSecurity, so any application that you upload or set up shall be secured from the very beginning and you won't have to bother about common attacks or vulnerabilities. An independent section in Hepsia will permit you to start or stop the firewall for any domain or subdomain, or switch on a detection mode so that it records information regarding intrusions, but does not take actions to stop them. What you will see in the logs shall allow you to to secure your Internet sites better - the IP an attack originated from, what website was attacked and exactly how, what ModSecurity rule was triggered, etc. With this info, you'll be able to see if an Internet site needs an update, whether you need to block IPs from accessing your hosting server, and so on. Besides the third-party commercial security rules for ModSecurity that we use, our administrators include custom ones as well every time they come across a new threat that's not yet a part of the commercial bundle.