ModSecurity is an effective firewall for Apache web servers which is employed to prevent attacks against web applications. It tracks the HTTP traffic to a certain website in real time and stops any intrusion attempts the moment it identifies them. The firewall relies on a set of rules to do this - for example, trying to log in to a script administration area unsuccessfully a few times triggers one rule, sending a request to execute a specific file which may result in gaining access to the Internet site triggers a different rule, and so on. ModSecurity is among the best firewalls available on the market and it'll preserve even scripts that are not updated regularly since it can prevent attackers from using known exploits and security holes. Quite thorough info about every intrusion attempt is recorded and the logs the firewall keeps are a lot more comprehensive than the conventional logs created by the Apache server, so you can later take a look at them and determine if you need to take extra measures so as to boost the protection of your script-driven websites.

ModSecurity in Website Hosting

ModSecurity can be found with each website hosting solution that we provide and it's activated by default for any domain or subdomain that you add through your Hepsia Control Panel. In case it interferes with any of your applications or you'd like to disable it for some reason, you shall be able to do this through the ModSecurity area of Hepsia with merely a mouse click. You can also activate a passive mode, so the firewall will detect possible attacks and keep a log, but will not take any action. You could view detailed logs in the exact same section, including the IP where the attack originated from, exactly what the attacker attempted to do and at what time, what ModSecurity did, etc. For maximum security of our clients we use a collection of commercial firewall rules blended with custom ones which are provided by our system administrators.

ModSecurity in Semi-dedicated Servers

We have incorporated ModSecurity as a standard in all semi-dedicated server packages, so your web applications will be protected the instant you set them up under any domain or subdomain. The Hepsia CP which comes with the semi-dedicated accounts shall allow you to activate or turn off the firewall for any Internet site with a click. You will also have the ability to activate a passive detection mode in which ModSecurity will keep a log of possible attacks without really stopping them. The detailed logs contain the nature of the attack and what ModSecurity response that attack triggered, where it came from, and so on. The list of rules that we use is constantly updated as to match any new threats that could appear on the Internet and it comes with both commercial rules that we get from a security corporation and custom-written ones which our admins include in the event that they discover a threat that is not present within the commercial list yet.

ModSecurity in VPS Servers

ModSecurity is pre-installed on all VPS servers that are offered with the Hepsia hosting CP, so your web programs shall be protected from the moment your server is ready. The firewall is switched on by default for any domain or subdomain on the Virtual Private Server, but if required, you can disable it with a mouse click from the corresponding section of Hepsia. You could also set it to function in detection mode, so it will keep a detailed log of any potential attacks without taking any action to prevent them. The logs are available in the very same section and offer information about the nature of the attack, what IP address it originated from and what ModSecurity rule was triggered to stop it. For best security, we use not just commercial rules from a company operating in the field of web security, but also custom ones that our administrators add manually in order to react to new threats that are still not addressed in the commercial rules.

ModSecurity in Dedicated Servers

If you opt to host your sites on a dedicated server with the Hepsia CP, your web apps shall be secured right away since ModSecurity is supplied with all Hepsia-based packages. You'll be able to manage the firewall effortlessly and if necessary, you will be able to turn it off or enable its passive mode when it shall only keep a log of what is happening without taking any action to prevent potential attacks. The logs that you can find in the same section of the Control Panel are really detailed and include info about the attacker IP, what website and file were attacked and in what way, what rule the firewall employed to stop the intrusion, etc. This info shall permit you to take measures and improve the protection of your sites even more. To be on the safe side, we use not only commercial rules, but also custom-made ones which our staff add whenever they recognize attacks which have not yet been included in the commercial pack.