ModSecurity is a powerful firewall for Apache web servers that's employed to prevent attacks toward web apps. It tracks the HTTP traffic to a certain Internet site in real time and prevents any intrusion attempts the moment it discovers them. The firewall relies on a set of rules to do this - as an illustration, attempting to log in to a script administrator area without success several times triggers one rule, sending a request to execute a specific file which may result in accessing the Internet site triggers a different rule, etcetera. ModSecurity is among the best firewalls available on the market and it'll preserve even scripts which aren't updated often because it can prevent attackers from employing known exploits and security holes. Very detailed info about each and every intrusion attempt is recorded and the logs the firewall keeps are a lot more detailed than the regular logs generated by the Apache server, so you can later take a look at them and determine whether you need to take additional measures in order to boost the security of your script-driven websites.

ModSecurity in Cloud Hosting

ModSecurity is available on all cloud hosting web servers, so if you choose to host your Internet sites with our firm, they shall be resistant to a wide array of attacks. The firewall is turned on as standard for all domains and subdomains, so there will be nothing you shall have to do on your end. You will be able to stop ModSecurity for any site if necessary, or to switch on a detection mode, so all activity will be recorded, but the firewall shall not take any real action. You will be able to view comprehensive logs through your Hepsia Control Panel including the IP address where the attack came from, what the attacker wished to do and how ModSecurity addressed the threat. Since we take the protection of our clients' websites very seriously, we employ a set of commercial rules that we get from one of the top companies that maintain this type of rules. Our admins also add custom rules to ensure that your Internet sites shall be shielded from as many threats as possible.

ModSecurity in Semi-dedicated Hosting

Any web app that you install within your new semi-dedicated hosting account will be protected by ModSecurity because the firewall is provided with all our hosting plans and is turned on by default for any domain and subdomain that you add or create using your Hepsia hosting Control Panel. You shall be able to manage ModSecurity via a dedicated section in Hepsia where not only can you activate or deactivate it completely, but you could also switch on a passive mode, so the firewall will not block anything, but it'll still maintain a record of possible attacks. This requires simply a mouse click and you shall be able to see the logs regardless if ModSecurity is in active or passive mode through the same section - what the attack was and where it originated from, how it was taken care of, and so on. The firewall uses 2 groups of rules on our machines - a commercial one that we get from a third-party web security provider and a custom one that our administrators update manually in order to respond to recently discovered risks as quickly as possible.

ModSecurity in Dedicated Servers Hosting

When you opt to host your Internet sites on a dedicated server with the Hepsia Control Panel, your web apps shall be secured immediately since ModSecurity is provided with all Hepsia-based solutions. You shall be able to manage the firewall easily and if necessary, you shall be able to turn it off or enable its passive mode when it shall only keep a log of what's occurring without taking any action to stop possible attacks. The logs that you will find in the very same section of the CP are really detailed and contain information about the attacker IP, what website and file were attacked and in what way, what rule the firewall employed to prevent the intrusion, etcetera. This information shall enable you to take measures and improve the security of your websites even more. To be on the safe side, we employ not just commercial rules, but also custom-made ones that our administrators include when they detect attacks that haven't yet been included in the commercial pack.