ModSecurity is a powerful firewall for Apache web servers that's employed to stop attacks against web applications. It monitors the HTTP traffic to a certain site in real time and stops any intrusion attempts as soon as it detects them. The firewall uses a set of rules to do that - for example, trying to log in to a script admin area without success several times triggers one rule, sending a request to execute a particular file that may result in getting access to the website triggers another rule, and so on. ModSecurity is amongst the best firewalls available and it will secure even scripts which aren't updated often because it can prevent attackers from employing known exploits and security holes. Very thorough information about each and every intrusion attempt is recorded and the logs the firewall maintains are a lot more detailed than the standard logs provided by the Apache server, so you may later examine them and decide if you need to take more measures in order to enhance the protection of your script-driven sites.
ModSecurity in Shared Hosting
ModSecurity comes standard with all shared hosting packages which we offer and it will be turned on automatically for any domain or subdomain you add/create within your Hepsia hosting CP. The firewall has three different modes, so you'll be able to switch on and deactivate it with a mouse click or set it to detection mode, so it'll keep a log of all attacks, but it will not do anything to prevent them. The log for each of your websites will contain in-depth information including the nature of the attack, where it originated from, what action was taken by ModSecurity, etc. The firewall rules that we use are regularly updated and incorporate both commercial ones we get from a third-party security firm and custom ones which our system admins include in case that they detect a new kind of attacks. That way, the Internet sites you host here will be a lot more secure without any action required on your end.
ModSecurity in Semi-dedicated Hosting
ModSecurity is part of our semi-dedicated hosting plans and if you decide to host your websites with us, there won't be anything special you'll need to do as the firewall is activated by default for all domains and subdomains you add via your hosting Control Panel. If needed, you could disable ModSecurity for a particular site or activate the so-called detection mode in which case the firewall will still operate and record information, but will not do anything to stop potential attacks on your Internet sites. In depth logs shall be readily available inside your CP and you'll be able to see what sort of attacks happened, what security rules were triggered and how the firewall addressed the threats, what IP addresses the attacks came from, and so on. We employ two sorts of rules on our servers - commercial ones from a firm that operates in the field of web security, and customized ones that our administrators occasionally include to respond to newly discovered risks in a timely manner.
ModSecurity in VPS
Security is essential to us, so we install ModSecurity on all virtual private servers that are set up with the Hepsia Control Panel as a standard. The firewall could be managed through a dedicated section inside Hepsia and is turned on automatically when you include a new domain or create a subdomain, so you won't need to do anything by hand. You shall also be able to disable it or turn on the so-called detection mode, so it shall maintain a log of possible attacks that you can later examine, but shall not block them. The logs in both passive and active modes offer info about the kind of the attack and how it was prevented, what IP address it came from and other useful data that could help you to tighten the security of your Internet sites by updating them or blocking IPs, for instance. On top of the commercial rules we get for ModSecurity from a third-party security firm, we also implement our own rules since occasionally we detect specific attacks which aren't yet present within the commercial group. That way, we could enhance the security of your VPS in a timely manner as opposed to waiting for an official update.
ModSecurity in Dedicated Hosting
If you decide to host your websites on a dedicated server with the Hepsia Control Panel, your web programs shall be protected immediately as ModSecurity is available with all Hepsia-based plans. You shall be able to control the firewall effortlessly and if necessary, you will be able to turn it off or activate its passive mode when it will only maintain a log of what's happening without taking any action to stop possible attacks. The logs which you can find in the same section of the Control Panel are incredibly detailed and contain data about the attacker IP address, what website and file were attacked and in what ways, what rule the firewall employed to stop the intrusion, and so forth. This data shall allow you to take measures and increase the security of your sites even more. To be on the safe side, we use not only commercial rules, but also custom-made ones which our admins add when they recognize attacks that haven't yet been included inside the commercial pack.