ModSecurity is a highly effective firewall for Apache web servers which is employed to stop attacks against web apps. It monitors the HTTP traffic to a specific website in real time and prevents any intrusion attempts the moment it discovers them. The firewall uses a set of rules to do that - for example, trying to log in to a script admin area unsuccessfully a few times activates one rule, sending a request to execute a particular file that may result in accessing the site triggers a different rule, etc. ModSecurity is amongst the best firewalls around and it will protect even scripts that are not updated on a regular basis since it can prevent attackers from using known exploits and security holes. Quite comprehensive data about every intrusion attempt is recorded and the logs the firewall keeps are much more detailed than the conventional logs provided by the Apache server, so you can later analyze them and decide if you need to take extra measures in order to improve the security of your script-driven sites.

ModSecurity in Hosting

We offer ModSecurity with all hosting packages, so your web applications will be protected against destructive attacks. The firewall is activated as standard for all domains and subdomains, but if you would like, you shall be able to stop it using the respective section of your Hepsia Control Panel. You could also activate a detection mode, so ModSecurity shall keep a log as intended, but shall not take any action. The logs which you'll find in Hepsia are quite detailed and offer info about the nature of any attack, when it occurred and from what IP, the firewall rule which was triggered, and so forth. We employ a range of commercial rules that are frequently updated, but sometimes our administrators include custom rules as well so as to better protect the websites hosted on our servers.

ModSecurity in Semi-dedicated Hosting

All semi-dedicated hosting packages that we offer include ModSecurity and given that the firewall is turned on by default, any website you build under a domain or a subdomain shall be protected right from the start. An individual section inside the Hepsia CP that comes with the semi-dedicated accounts is dedicated to ModSecurity and it shall allow you to start and stop the firewall for any Internet site or activate a detection mode. With the latter, ModSecurity will not take any action, but it'll still identify possible attacks and shall keep all info inside a log as if it were completely active. The logs can be found inside the exact same section of the Control Panel and they feature info about the IP where an attack originated from, what its nature was, what rule ModSecurity applies to identify and stop it, etcetera. The security rules which we use on our machines are a mix between commercial ones from a security company and custom ones developed by our system administrators. As a result, we provide higher security for your web applications as we can shield them from attacks before security companies release updates for brand new threats.

ModSecurity in Dedicated Hosting

When you opt to host your websites on a dedicated server with the Hepsia Control Panel, your web applications shall be protected immediately because ModSecurity is available with all Hepsia-based plans. You shall be able to control the firewall with ease and if required, you'll be able to turn it off or switch on its passive mode when it will only maintain a log of what's happening without taking any action to stop potential attacks. The logs which you will find inside the exact same section of the CP are extremely detailed and feature info about the attacker IP, what site and file were attacked and in what way, what rule the firewall employed to stop the intrusion, etc. This data will permit you to take measures and boost the protection of your websites even more. To be on the safe side, we use not just commercial rules, but also custom-made ones that our administrators include whenever they recognize attacks that have not yet been included within the commercial pack.