ModSecurity is a highly effective web application layer firewall for Apache web servers. It monitors the whole HTTP traffic to a website without affecting its overall performance and in case it discovers an intrusion attempt, it prevents it. The firewall furthermore maintains a more detailed log for the traffic than any server does, so you will be able to monitor what's happening with your websites much better than if you rely only on conventional logs. ModSecurity uses security rules based on which it stops attacks. For instance, it recognizes whether somebody is trying to log in to the admin area of a specific script multiple times or if a request is sent to execute a file with a specific command. In these situations these attempts set off the corresponding rules and the firewall blocks the attempts immediately, then records detailed details about them in its logs. ModSecurity is one of the very best software firewalls on the market and it can easily protect your web applications against many threats and vulnerabilities, particularly if you don’t update them or their plugins frequently.

ModSecurity in Shared Hosting

ModSecurity is available on all shared hosting servers, so if you opt to host your sites with our business, they will be shielded from a wide array of attacks. The firewall is turned on as standard for all domains and subdomains, so there shall be nothing you'll have to do on your end. You shall be able to stop ModSecurity for any Internet site if required, or to enable a detection mode, so that all activity will be recorded, but the firewall will not take any real action. You'll be able to view specific logs via your Hepsia Control Panel including the IP where the attack came from, what the attacker wanted to do and how ModSecurity addressed the threat. Since we take the safety of our customers' websites very seriously, we employ a selection of commercial rules that we get from one of the best companies that maintain this type of rules. Our administrators also add custom rules to make certain that your websites will be protected against as many risks as possible.

ModSecurity in Semi-dedicated Servers

All semi-dedicated server plans which we offer include ModSecurity and given that the firewall is enabled by default, any site which you build under a domain or a subdomain will be secured right away. An independent section in the Hepsia CP that comes with the semi-dedicated accounts is devoted to ModSecurity and it will allow you to start and stop the firewall for any site or enable a detection mode. With the last option, ModSecurity will not take any action, but it'll still detect possible attacks and will keep all information in a log as if it were completely active. The logs can be found inside the very same section of the CP and they include details about the IP where an attack originated from, what its nature was, what rule ModSecurity applies to identify and stop it, etc. The security rules we employ on our servers are a mix between commercial ones from a security company and custom ones created by our system administrators. For that reason, we provide higher security for your web applications as we can defend them from attacks even before security firms release updates for completely new threats.

ModSecurity in VPS Servers

ModSecurity comes with all Hepsia-based VPS servers we offer and it'll be turned on automatically for every new domain or subdomain you add on the server. This way, any web application you install will be secured right from the start without doing anything by hand on your end. The firewall could be handled via the section of the Control Panel which has the same name. This is the area in whichyou could switch off ModSecurity or let its passive mode, so it won't take any action towards threats, but will still maintain a comprehensive log. The recorded data is available in the same section as well and you'll be able to see what IPs any attacks originated from so that you can stop them, what the nature of the attempted attacks was and in accordance with what security rules ModSecurity responded. The rules that we employ on our servers are a blend between commercial ones we get from a security company and custom ones that are added by our staff to optimize the protection of any web applications hosted on our end.

ModSecurity in Dedicated Servers

ModSecurity comes with all dedicated servers which are integrated with our Hepsia CP and you will not need to do anything specific on your end to employ it since it is turned on by default each time you add a new domain or subdomain on your server. If it interferes with some of your apps, you will be able to stop it through the respective part of Hepsia, or you could leave it operating in passive mode, so it will detect attacks and will still keep a log for them, but will not prevent them. You may look at the logs later to find out what you can do to improve the security of your websites since you shall find information such as where an intrusion attempt originated from, what site was attacked and based upon what rule ModSecurity responded, etcetera. The rules we employ are commercial, thus they are constantly updated by a security provider, but to be on the safe side, our admins also include custom rules from time to time as to respond to any new threats they have found.