ModSecurity is a highly effective firewall for Apache web servers that is used to stop attacks towards web applications. It monitors the HTTP traffic to a particular site in real time and stops any intrusion attempts as soon as it detects them. The firewall uses a set of rules to do this - as an illustration, trying to log in to a script administration area unsuccessfully many times sets off one rule, sending a request to execute a specific file which may result in getting access to the site triggers a different rule, and so forth. ModSecurity is amongst the best firewalls around and it'll protect even scripts which aren't updated often as it can prevent attackers from employing known exploits and security holes. Quite thorough information about every intrusion attempt is recorded and the logs the firewall maintains are much more specific than the regular logs generated by the Apache server, so you can later examine them and decide if you need to take additional measures so as to boost the security of your script-driven websites.
ModSecurity in Hosting
We provide ModSecurity with all hosting plans, so your web applications shall be shielded from malicious attacks. The firewall is turned on as standard for all domains and subdomains, but if you would like, you shall be able to stop it via the respective part of your Hepsia CP. You'll be able to also switch on a detection mode, so ModSecurity will keep a log as intended, but shall not take any action. The logs that you'll find in Hepsia are incredibly detailed and feature data about the nature of any attack, when it happened and from what IP address, the firewall rule which was triggered, etc. We use a set of commercial rules which are frequently updated, but sometimes our administrators add custom rules as well so as to efficiently protect the Internet sites hosted on our machines.
ModSecurity in Semi-dedicated Hosting
Any web app which you install inside your new semi-dedicated hosting account will be protected by ModSecurity as the firewall is included with all our hosting packages and is activated by default for any domain and subdomain that you add or create using your Hepsia hosting Control Panel. You shall be able to manage ModSecurity through a dedicated area in Hepsia where not simply could you activate or deactivate it completely, but you can also switch on a passive mode, so the firewall shall not stop anything, but it shall still maintain a record of potential attacks. This takes just a mouse click and you shall be able to view the logs regardless of if ModSecurity is in active or passive mode through the same section - what the attack was and where it came from, how it was handled, and so forth. The firewall employs two sets of rules on our web servers - a commercial one that we get from a third-party web security firm and a custom one that our administrators update personally as to respond to newly discovered threats as fast as possible.
ModSecurity in VPS Hosting
Safety is very important to us, so we set up ModSecurity on all virtual private servers which are set up with the Hepsia Control Panel by default. The firewall can be managed through a dedicated section within Hepsia and is turned on automatically when you include a new domain or generate a subdomain, so you won't need to do anything manually. You shall also be able to disable it or activate the so-called detection mode, so it will maintain a log of possible attacks which you can later examine, but will not stop them. The logs in both passive and active modes contain information about the kind of the attack and how it was eliminated, what IP address it came from and other valuable data that may help you to tighten the security of your websites by updating them or blocking IPs, for instance. Besides the commercial rules which we get for ModSecurity from a third-party security firm, we also employ our own rules since every now and then we detect specific attacks that aren't yet present within the commercial pack. That way, we can easily enhance the protection of your VPS immediately instead of waiting for an official update.
ModSecurity in Dedicated Web Hosting
ModSecurity is provided with all dedicated servers that are set up with our Hepsia CP and you will not need to do anything specific on your end to employ it since it's turned on by default each time you include a new domain or subdomain on your web server. In the event that it interferes with any of your applications, you'll be able to stop it through the respective section of Hepsia, or you could leave it operating in passive mode, so it will identify attacks and shall still keep a log for them, but won't stop them. You'll be able to look at the logs later to learn what you can do to improve the security of your websites since you shall find info such as where an intrusion attempt originated from, what website was attacked and in accordance with what rule ModSecurity reacted, etcetera. The rules which we employ are commercial, therefore they're frequently updated by a security company, but to be on the safe side, our staff also add custom rules once in a while as to deal with any new threats they have found.