ModSecurity is a highly effective firewall for Apache web servers which is employed to stop attacks toward web applications. It keeps track of the HTTP traffic to a given site in real time and blocks any intrusion attempts the moment it identifies them. The firewall uses a set of rules to accomplish that - for instance, attempting to log in to a script admin area unsuccessfully several times triggers one rule, sending a request to execute a particular file that could result in getting access to the Internet site triggers a different rule, etc. ModSecurity is among the best firewalls available and it will secure even scripts that aren't updated often because it can prevent attackers from using known exploits and security holes. Quite comprehensive info about every single intrusion attempt is recorded and the logs the firewall maintains are considerably more detailed than the regular logs created by the Apache server, so you could later examine them and determine whether you need to take extra measures in order to improve the safety of your script-driven sites.
ModSecurity in Shared Website Hosting
ModSecurity comes standard with all shared website hosting
packages that we offer and it shall be turned on automatically for any domain or subdomain that you add/create within your Hepsia hosting Control Panel. The firewall has three different modes, so you can activate and disable it with just a click or set it to detection mode, so it'll keep a log of all attacks, but it shall not do anything to prevent them. The log for each of your websites shall include detailed information which includes the nature of the attack, where it originated from, what action was taken by ModSecurity, etc. The firewall rules that we use are regularly updated and consist of both commercial ones that we get from a third-party security company and custom ones our system administrators include in the event that they detect a new sort of attacks. This way, the sites that you host here shall be a lot more protected with no action needed on your end.
ModSecurity in Semi-dedicated Hosting
We've included ModSecurity as a standard inside all semi-dedicated hosting
packages, so your web applications will be protected the instant you set them up under any domain or subdomain. The Hepsia Control Panel that comes with the semi-dedicated accounts will allow you to switch on or turn off the firewall for any Internet site with a mouse click. You'll also have the ability to switch on a passive detection mode with which ModSecurity shall keep a log of possible attacks without really stopping them. The detailed logs contain the nature of the attack and what ModSecurity response that attack caused, where it came from, etcetera. The list of rules we employ is frequently updated as to match any new risks which may appear on the Internet and it includes both commercial rules that we get from a security corporation and custom-written ones which our admins include in the event that they find a threat that is not present in the commercial list yet.
ModSecurity in VPS Hosting
ModSecurity is pre-installed on all virtual private servers
which are offered with the Hepsia hosting Control Panel, so your web applications will be protected from the moment your server is ready. The firewall is turned on by default for any domain or subdomain on the Virtual Private Server, but if needed, you can disable it with a click via the corresponding section of Hepsia. You can also set it to operate in detection mode, so it'll maintain a comprehensive log of any potential attacks without taking any action to stop them. The logs are available inside the very same section and include details about the nature of the attack, what IP it came from and what ModSecurity rule was triggered to stop it. For optimum security, we use not simply commercial rules from a company operating in the field of web security, but also custom ones that our admins include manually in order to react to new threats that are still not dealt with in the commercial rules.
ModSecurity in Dedicated Web Hosting
ModSecurity is included with all dedicated servers
that are set up with our Hepsia Control Panel and you will not need to do anything specific on your end to employ it because it is enabled by default each time you add a new domain or subdomain on your hosting server. In case it interferes with any of your apps, you shall be able to stop it via the respective area of Hepsia, or you can leave it working in passive mode, so it shall recognize attacks and shall still keep a log for them, but won't prevent them. You'll be able to examine the logs later to learn what you can do to enhance the security of your sites as you shall find information such as where an intrusion attempt originated from, what Internet site was attacked and based upon what rule ModSecurity reacted, and so on. The rules we use are commercial, thus they are constantly updated by a security provider, but to be on the safe side, our staff also include custom rules occasionally as to react to any new threats they have found.