ModSecurity is a powerful web application layer firewall for Apache web servers. It monitors the whole HTTP traffic to a website without affecting its performance and when it detects an intrusion attempt, it blocks it. The firewall furthermore maintains a more detailed log for the traffic than any server does, so you will manage to keep an eye on what is going on with your Internet sites better than if you rely merely on standard logs. ModSecurity works with security rules based on which it prevents attacks. For instance, it recognizes if someone is trying to log in to the administrator area of a certain script a number of times or if a request is sent to execute a file with a certain command. In these instances these attempts set off the corresponding rules and the firewall software blocks the attempts in real time, and then records detailed details about them in its logs. ModSecurity is among the best software firewalls available and it can protect your web apps against thousands of threats and vulnerabilities, particularly if you don’t update them or their plugins often.

ModSecurity in Shared Hosting

ModSecurity is available with every single shared hosting plan that we offer and it is activated by default for every domain or subdomain that you add via your Hepsia Control Panel. If it interferes with any of your programs or you would like to disable it for whatever reason, you will be able to accomplish that through the ModSecurity section of Hepsia with merely a mouse click. You could also enable a passive mode, so the firewall will recognize possible attacks and keep a log, but shall not take any action. You'll be able to view comprehensive logs in the very same section, including the IP address where the attack originated from, exactly what the attacker tried to do and at what time, what ModSecurity did, and so on. For max protection of our customers we use a collection of commercial firewall rules mixed with custom ones which are added by our system admins.

ModSecurity in Semi-dedicated Hosting

Any web app you install within your new semi-dedicated hosting account will be protected by ModSecurity because the firewall is included with all our hosting solutions and is activated by default for any domain and subdomain that you include or create using your Hepsia hosting Control Panel. You'll be able to manage ModSecurity through a dedicated section within Hepsia where not only can you activate or deactivate it entirely, but you can also enable a passive mode, so the firewall will not block anything, but it shall still keep a record of potential attacks. This normally requires only a mouse click and you'll be able to see the logs regardless if ModSecurity is in passive or active mode through the same section - what the attack was and where it came from, how it was addressed, etcetera. The firewall uses two groups of rules on our servers - a commercial one which we get from a third-party web security company and a custom one that our admins update personally as to respond to newly discovered threats as quickly as possible.

ModSecurity in Dedicated Servers Hosting

ModSecurity comes with all dedicated servers which are integrated with our Hepsia Control Panel and you will not need to do anything specific on your end to use it because it is activated by default every time you include a new domain or subdomain on your server. In case it interferes with any of your programs, you shall be able to stop it via the respective area of Hepsia, or you may leave it working in passive mode, so it'll recognize attacks and will still keep a log for them, but will not prevent them. You'll be able to analyze the logs later to learn what you can do to boost the safety of your Internet sites as you'll find details such as where an intrusion attempt came from, what website was attacked and based upon what rule ModSecurity responded, etcetera. The rules that we use are commercial, hence they're regularly updated by a security firm, but to be on the safe side, our admins also include custom rules from time to time as to react to any new threats they have identified.