ModSecurity is an effective firewall for Apache web servers that's employed to prevent attacks against web apps. It keeps track of the HTTP traffic to a certain site in real time and prevents any intrusion attempts as soon as it detects them. The firewall uses a set of rules to accomplish that - for instance, attempting to log in to a script admin area without success many times sets off one rule, sending a request to execute a specific file that could result in accessing the website triggers another rule, etc. ModSecurity is amongst the best firewalls available and it will preserve even scripts which aren't updated regularly since it can prevent attackers from employing known exploits and security holes. Incredibly thorough info about every intrusion attempt is recorded and the logs the firewall maintains are a lot more detailed than the regular logs generated by the Apache server, so you may later take a look at them and determine whether you need to take more measures so as to improve the protection of your script-driven sites.

ModSecurity in Shared Web Hosting

ModSecurity can be found with each shared web hosting package which we provide and it is activated by default for any domain or subdomain which you include through your Hepsia CP. If it interferes with any of your apps or you'd like to disable it for some reason, you will be able to achieve that through the ModSecurity section of Hepsia with merely a click. You could also enable a passive mode, so the firewall will identify possible attacks and keep a log, but shall not take any action. You can view detailed logs in the exact same section, including the IP address where the attack originated from, exactly what the attacker attempted to do and at what time, what ModSecurity did, and so forth. For optimum security of our clients we use a collection of commercial firewall rules mixed with custom ones that are added by our system admins.

ModSecurity in Semi-dedicated Servers

All semi-dedicated server plans which we offer include ModSecurity and given that the firewall is turned on by default, any site that you set up under a domain or a subdomain will be secured immediately. An independent section within the Hepsia CP which comes with the semi-dedicated accounts is devoted to ModSecurity and it will permit you to stop and start the firewall for any site or enable a detection mode. With the last option, ModSecurity won't take any action, but it'll still recognize possible attacks and will keep all information within a log as if it were 100% active. The logs could be found in the very same section of the Control Panel and they include information regarding the IP where an attack came from, what its nature was, what rule ModSecurity applies to identify and stop it, and so on. The security rules we employ on our servers are a mix between commercial ones from a security firm and custom ones developed by our system administrators. Therefore, we offer higher security for your web apps as we can defend them from attacks before security corporations release updates for completely new threats.

ModSecurity in VPS Servers

ModSecurity is pre-installed on all VPS servers that are offered with the Hepsia hosting CP, so your web applications shall be protected from the moment your server is ready. The firewall is turned on by default for any domain or subdomain on the VPS, but if needed, you can disable it with a click via the corresponding section of Hepsia. You could also set it to operate in detection mode, so it will keep a detailed log of any potential attacks without taking any action to prevent them. The logs are available in the same section and offer details about the nature of the attack, what IP address it originated from and what ModSecurity rule was initiated to stop it. For maximum security, we employ not only commercial rules from a firm working in the field of web security, but also custom ones our administrators include manually in order to respond to new risks that are still not tackled in the commercial rules.

ModSecurity in Dedicated Servers

ModSecurity is offered as standard with all dedicated servers which are set up with the Hepsia CP and is set to “Active” automatically for any domain which you host or subdomain you create on the server. In case that a web application does not work adequately, you can either turn off the firewall or set it to function in passive mode. The second means that ModSecurity shall maintain a log of any potential attack which may occur, but shall not take any action to stop it. The logs generated in passive or active mode will provide you with more details about the exact file which was attacked, the type of the attack and the IP address it came from, etc. This info shall allow you to determine what steps you can take to enhance the security of your websites, such as blocking IPs or performing script and plugin updates. The ModSecurity rules we use are updated regularly with a commercial package from a third-party security firm we work with, but occasionally our admins add their own rules also in case they identify a new potential threat.