ModSecurity is a potent web application layer firewall for Apache web servers. It monitors the whole HTTP traffic to a site without affecting its functionality and in case it identifies an intrusion attempt, it prevents it. The firewall furthermore maintains a more thorough log for the website visitors than any server does, so you will be able to monitor what's happening with your Internet sites much better than if you rely only on conventional logs. ModSecurity employs security rules based on which it helps prevent attacks. For example, it identifies whether someone is attempting to log in to the administrator area of a given script a number of times or if a request is sent to execute a file with a certain command. In these cases these attempts trigger the corresponding rules and the firewall software hinders the attempts in real time, then records in-depth information about them inside its logs. ModSecurity is among the very best software firewalls available and it can protect your web apps against a large number of threats and vulnerabilities, especially if you don’t update them or their plugins frequently.

ModSecurity in Cloud Hosting

ModSecurity is provided with all cloud hosting web servers, so when you decide to host your Internet sites with our firm, they will be resistant to a wide array of attacks. The firewall is enabled as standard for all domains and subdomains, so there shall be nothing you'll need to do on your end. You'll be able to stop ModSecurity for any site if needed, or to enable a detection mode, so that all activity will be recorded, but the firewall shall not take any real action. You'll be able to view comprehensive logs via your Hepsia Control Panel including the IP where the attack came from, what the attacker planned to do and how ModSecurity addressed the threat. Since we take the protection of our customers' sites very seriously, we employ a set of commercial rules that we take from one of the best firms that maintain this type of rules. Our admins also include custom rules to make sure that your sites shall be shielded from as many threats as possible.

ModSecurity in VPS Hosting

ModSecurity is pre-installed on all virtual private servers which are set up with the Hepsia hosting CP, so your web programs shall be secured from the second your server is ready. The firewall is switched on by default for any domain or subdomain on the VPS, but if necessary, you can deactivate it with a click from the corresponding section of Hepsia. You can also set it to work in detection mode, so it will maintain a comprehensive log of any potential attacks without taking any action to prevent them. The logs can be found inside the same section and offer information about the nature of the attack, what IP address it originated from and what ModSecurity rule was initiated to stop it. For maximum security, we employ not simply commercial rules from a business operating in the field of web security, but also custom ones our administrators include personally so as to react to new threats which are still not dealt with in the commercial rules.

ModSecurity in Dedicated Web Hosting

All our dedicated servers that are set up with the Hepsia hosting CP feature ModSecurity, so any program which you upload or install will be secured from the very beginning and you will not have to bother about common attacks or vulnerabilities. A separate section in Hepsia will permit you to start or stop the firewall for any domain or subdomain, or turn on a detection mode so that it records information regarding intrusions, but does not take actions to stop them. What you will see in the logs can easily allow you to to secure your Internet sites better - the IP an attack originated from, what site was attacked and exactly how, what ModSecurity rule was triggered, and so on. With this info, you could see whether a website needs an update, if you should block IPs from accessing your web server, and so on. Besides the third-party commercial security rules for ModSecurity which we use, our admins add custom ones as well when they discover a new threat that's not yet in the commercial bundle.