ModSecurity is a powerful web application layer firewall for Apache web servers. It monitors the entire HTTP traffic to an Internet site without affecting its operation and in case it identifies an intrusion attempt, it blocks it. The firewall also maintains a more comprehensive log for the website visitors than any server does, so you will be able to monitor what's happening with your sites better than if you rely only on conventional logs. ModSecurity employs security rules based on which it stops attacks. For instance, it identifies if somebody is attempting to log in to the administration area of a particular script several times or if a request is sent to execute a file with a certain command. In these instances these attempts trigger the corresponding rules and the firewall software hinders the attempts in real time, after that records comprehensive details about them within its logs. ModSecurity is among the most effective software firewalls available and it could easily protect your web applications against many threats and vulnerabilities, especially if you don’t update them or their plugins regularly.

ModSecurity in Website Hosting

ModSecurity is supplied with all website hosting servers, so when you opt to host your websites with our company, they shall be protected against an array of attacks. The firewall is turned on as standard for all domains and subdomains, so there'll be nothing you will have to do on your end. You shall be able to stop ModSecurity for any site if necessary, or to enable a detection mode, so all activity will be recorded, but the firewall will not take any real action. You'll be able to view specific logs using your Hepsia CP including the IP address where the attack came from, what the attacker wished to do and how ModSecurity dealt with the threat. As we take the security of our clients' Internet sites very seriously, we employ a set of commercial rules which we take from one of the leading firms that maintain such rules. Our administrators also include custom rules to ensure that your websites shall be protected against as many risks as possible.

ModSecurity in Semi-dedicated Hosting

ModSecurity is part of our semi-dedicated hosting plans and if you decide to host your Internet sites with our company, there won't be anything special you'll have to do since the firewall is switched on by default for all domains and subdomains which you include through your hosting CP. If necessary, you'll be able to disable ModSecurity for a given Internet site or switch on the so-called detection mode in which case the firewall shall still function and record information, but shall not do anything to stop potential attacks on your Internet sites. Thorough logs shall be accessible within your Control Panel and you shall be able to see what sort of attacks occurred, what security rules were triggered and how the firewall dealt with the threats, what Internet protocol addresses the attacks came from, etcetera. We use 2 kinds of rules on our servers - commercial ones from a firm which operates in the field of web security, and customized ones which our admins occasionally include to respond to newly identified risks on time.

ModSecurity in Dedicated Web Hosting

If you opt to host your websites on a dedicated server with the Hepsia CP, your web apps shall be secured straight away because ModSecurity is supplied with all Hepsia-based packages. You'll be able to control the firewall with ease and if required, you'll be able to turn it off or enable its passive mode when it shall only keep a log of what is taking place without taking any action to prevent potential attacks. The logs that you will find within the same section of the CP are incredibly detailed and contain information about the attacker IP address, what website and file were attacked and in what way, what rule the firewall used to stop the intrusion, and so on. This info will enable you to take measures and increase the protection of your Internet sites even more. To be on the safe side, we use not just commercial rules, but also custom-made ones which our admins include every time they recognize attacks which haven't yet been included within the commercial pack.