ModSecurity is a highly effective firewall for Apache web servers that is employed to prevent attacks toward web apps. It tracks the HTTP traffic to a particular website in real time and prevents any intrusion attempts as soon as it detects them. The firewall uses a set of rules to do that - as an illustration, attempting to log in to a script admin area without success many times activates one rule, sending a request to execute a specific file that could result in accessing the site triggers a different rule, and so forth. ModSecurity is among the best firewalls out there and it will protect even scripts that are not updated often because it can prevent attackers from employing known exploits and security holes. Quite detailed data about every single intrusion attempt is recorded and the logs the firewall keeps are much more specific than the conventional logs provided by the Apache server, so you may later examine them and decide if you need to take more measures so as to increase the safety of your script-driven sites.

ModSecurity in Hosting

ModSecurity is available with each and every hosting solution which we provide and it is activated by default for any domain or subdomain that you add through your Hepsia CP. If it interferes with any of your programs or you'd like to disable it for whatever reason, you'll be able to achieve that through the ModSecurity section of Hepsia with merely a mouse click. You can also enable a passive mode, so the firewall will detect potential attacks and maintain a log, but won't take any action. You'll be able to see extensive logs in the same section, including the IP where the attack originated from, what exactly the attacker attempted to do and at what time, what ModSecurity did, and so forth. For maximum protection of our clients we use a collection of commercial firewall rules blended with custom ones that are included by our system administrators.

ModSecurity in Semi-dedicated Hosting

ModSecurity is part of our semi-dedicated hosting packages and if you opt to host your websites with us, there shall not be anything special you'll need to do since the firewall is turned on by default for all domains and subdomains that you add through your hosting Control Panel. If required, you could disable ModSecurity for a given site or turn on the so-called detection mode in which case the firewall will still function and record data, but will not do anything to prevent possible attacks against your sites. In depth logs shall be accessible within your Control Panel and you'll be able to see which kind of attacks took place, what security rules were triggered and how the firewall addressed the threats, what IP addresses the attacks originated from, and so on. We use two kinds of rules on our servers - commercial ones from a business that operates in the field of web security, and custom made ones which our admins sometimes add to respond to newly discovered threats on time.

ModSecurity in VPS

Security is vital to us, so we install ModSecurity on all virtual private servers that are set up with the Hepsia Control Panel by default. The firewall can be managed through a dedicated section inside Hepsia and is switched on automatically when you add a new domain or create a subdomain, so you will not have to do anything by hand. You shall also be able to deactivate it or turn on the so-called detection mode, so it shall keep a log of potential attacks that you can later study, but shall not stop them. The logs in both passive and active modes offer details regarding the form of the attack and how it was stopped, what IP address it came from and other useful information that may help you to tighten the security of your sites by updating them or blocking IPs, for example. Beyond the commercial rules we get for ModSecurity from a third-party security company, we also use our own rules since once in a while we discover specific attacks which are not yet present in the commercial group. This way, we can increase the security of your Virtual private server instantly instead of waiting for a certified update.

ModSecurity in Dedicated Hosting

ModSecurity is provided as standard with all dedicated servers that are set up with the Hepsia CP and is set to “Active” automatically for any domain that you host or subdomain that you create on the web server. In case that a web application doesn't operate correctly, you could either disable the firewall or set it to operate in passive mode. The second means that ModSecurity shall maintain a log of any potential attack that may take place, but will not take any action to prevent it. The logs created in active or passive mode shall provide you with more details about the exact file that was attacked, the type of the attack and the IP address it came from, and so on. This information will allow you to choose what actions you can take to improve the security of your websites, such as blocking IPs or performing script and plugin updates. The ModSecurity rules we employ are updated regularly with a commercial bundle from a third-party security firm we work with, but occasionally our admins include their own rules also when they find a new potential threat.