ModSecurity is a powerful web application layer firewall for Apache web servers. It monitors the whole HTTP traffic to a site without affecting its functionality and if it discovers an intrusion attempt, it blocks it. The firewall additionally maintains a more comprehensive log for the site visitors than any web server does, so you will manage to monitor what is going on with your websites much better than if you rely simply on standard logs. ModSecurity uses security rules based on which it prevents attacks. For example, it detects whether somebody is trying to log in to the administrator area of a given script a number of times or if a request is sent to execute a file with a certain command. In such instances these attempts trigger the corresponding rules and the software hinders the attempts immediately, and then records comprehensive info about them in its logs. ModSecurity is one of the most effective software firewalls out there and it could easily protect your web apps against thousands of threats and vulnerabilities, particularly if you don’t update them or their plugins often.
ModSecurity in Shared Website Hosting
ModSecurity is available on all shared website hosting machines, so when you decide to host your websites with our organization, they will be resistant to an array of attacks. The firewall is turned on as standard for all domains and subdomains, so there'll be nothing you shall have to do on your end. You will be able to stop ModSecurity for any Internet site if needed, or to activate a detection mode, so all activity shall be recorded, but the firewall will not take any real action. You'll be able to view comprehensive logs through your Hepsia Control Panel including the IP where the attack came from, what the attacker wished to do and how ModSecurity dealt with the threat. As we take the protection of our customers' Internet sites very seriously, we employ a selection of commercial rules which we take from one of the leading companies which maintain this type of rules. Our administrators also add custom rules to make certain that your websites will be shielded from as many risks as possible.
ModSecurity in Semi-dedicated Hosting
We have included ModSecurity by default in all semi-dedicated hosting packages, so your web applications will be protected the instant you set them up under any domain or subdomain. The Hepsia Control Panel that comes with the semi-dedicated accounts shall permit you to enable or disable the firewall for any site with a mouse click. You will also be able to turn on a passive detection mode in which ModSecurity will keep a log of possible attacks without really stopping them. The comprehensive logs contain the nature of the attack and what ModSecurity response this attack initiated, where it came from, and so forth. The list of rules we use is constantly updated as to match any new risks which could appear on the Internet and it features both commercial rules that we get from a security firm and custom-written ones which our admins include if they discover a threat that is not present inside the commercial list yet.
ModSecurity in VPS
ModSecurity is pre-installed on all virtual private servers that are provided with the Hepsia hosting Control Panel, so your web programs will be secured from the moment your server is in a position. The firewall is turned on by default for any domain or subdomain on the Virtual Private Server, but if required, you'll be able to disable it with a mouse click through the corresponding section of Hepsia. You can also set it to work in detection mode, so it'll maintain an extensive log of any possible attacks without taking any action to prevent them. The logs can be found inside the same section and provide info about the nature of the attack, what IP it came from and what ModSecurity rule was initiated to stop it. For best security, we use not just commercial rules from a business working in the field of web security, but also custom ones that our administrators include personally in order to respond to new threats which are still not tackled in the commercial rules.
ModSecurity in Dedicated Hosting
All of our dedicated servers that are installed with the Hepsia hosting CP feature ModSecurity, so any program you upload or set up will be protected from the very beginning and you won't need to bother about common attacks or vulnerabilities. An individual section within Hepsia will allow you to start or stop the firewall for every domain or subdomain, or turn on a detection mode so that it records details about intrusions, but doesn't take actions to stop them. What you will find in the logs can easily enable you to to secure your sites better - the IP address an attack came from, what site was attacked and exactly how, what ModSecurity rule was triggered, etc. With this information, you'll be able to see if a website needs an update, if you should block IPs from accessing your server, and so on. On top of the third-party commercial security rules for ModSecurity that we use, our administrators add custom ones as well every time they discover a new threat which is not yet in the commercial bundle.