ModSecurity is an efficient firewall for Apache web servers which is used to prevent attacks towards web applications. It tracks the HTTP traffic to a given Internet site in real time and blocks any intrusion attempts the instant it detects them. The firewall relies on a set of rules to accomplish that - for instance, trying to log in to a script admin area unsuccessfully many times activates one rule, sending a request to execute a certain file which may result in getting access to the Internet site triggers another rule, etcetera. ModSecurity is among the best firewalls available and it will secure even scripts that aren't updated on a regular basis as it can prevent attackers from employing known exploits and security holes. Very detailed information about every single intrusion attempt is recorded and the logs the firewall keeps are a lot more comprehensive than the standard logs generated by the Apache server, so you may later take a look at them and decide if you need to take additional measures so as to improve the security of your script-driven sites.

ModSecurity in Shared Hosting

ModSecurity is available on all shared hosting machines, so if you choose to host your sites with our firm, they will be shielded from a wide range of attacks. The firewall is turned on as standard for all domains and subdomains, so there'll be nothing you will need to do on your end. You shall be able to stop ModSecurity for any site if necessary, or to enable a detection mode, so that all activity shall be recorded, but the firewall will not take any real action. You will be able to view detailed logs using your Hepsia Control Panel including the IP address where the attack came from, what the attacker wished to do and how ModSecurity addressed the threat. As we take the protection of our customers' websites very seriously, we employ a set of commercial rules that we take from one of the top companies which maintain this sort of rules. Our admins also add custom rules to ensure that your sites will be resistant to as many threats as possible.

ModSecurity in Semi-dedicated Hosting

ModSecurity is a part of our semi-dedicated hosting solutions and if you opt to host your Internet sites with us, there shall not be anything special you will have to do given that the firewall is switched on by default for all domains and subdomains you include using your hosting CP. If required, you can disable ModSecurity for a given website or switch on the so-called detection mode in which case the firewall will still work and record info, but won't do anything to prevent possible attacks on your websites. Comprehensive logs will be accessible within your Control Panel and you shall be able to see which kind of attacks took place, what security rules were triggered and how the firewall dealt with the threats, what IP addresses the attacks originated from, and so on. We use 2 kinds of rules on our servers - commercial ones from a business that operates in the field of web security, and custom ones which our administrators often add to respond to newly identified threats on time.

ModSecurity in VPS

ModSecurity is pre-installed on all virtual private servers that are offered with the Hepsia hosting Control Panel, so your web apps will be protected from the second your server is ready. The firewall is switched on by default for any domain or subdomain on the Virtual Private Server, but if needed, you could disable it with a click of your mouse through the corresponding section of Hepsia. You can also set it to work in detection mode, so it'll maintain a detailed log of any possible attacks without taking any action to stop them. The logs are available inside the same section and offer information about the nature of the attack, what IP address it originated from and what ModSecurity rule was initiated to stop it. For best security, we employ not simply commercial rules from a firm operating in the field of web security, but also custom ones which our admins include personally so as to respond to new threats which are still not addressed in the commercial rules.

ModSecurity in Dedicated Hosting

ModSecurity is included with all dedicated servers that are integrated with our Hepsia Control Panel and you'll not need to do anything specific on your end to use it because it is enabled by default each time you add a new domain or subdomain on your hosting server. If it disrupts some of your programs, you shall be able to stop it via the respective part of Hepsia, or you could leave it in passive mode, so it will detect attacks and shall still keep a log for them, but will not stop them. You could examine the logs later to find out what you can do to enhance the security of your sites as you will find info such as where an intrusion attempt came from, what website was attacked and based upon what rule ModSecurity reacted, etc. The rules we use are commercial, thus they are regularly updated by a security provider, but to be on the safe side, our administrators also add custom rules occasionally in order to respond to any new threats they have discovered.