ModSecurity is an efficient firewall for Apache web servers that is employed to prevent attacks toward web applications. It tracks the HTTP traffic to a certain website in real time and prevents any intrusion attempts as soon as it discovers them. The firewall uses a set of rules to do that - for example, attempting to log in to a script admin area unsuccessfully several times triggers one rule, sending a request to execute a specific file which may result in accessing the site triggers a different rule, and so forth. ModSecurity is among the best firewalls out there and it'll protect even scripts that are not updated on a regular basis because it can prevent attackers from using known exploits and security holes. Incredibly thorough info about each intrusion attempt is recorded and the logs the firewall keeps are much more comprehensive than the standard logs generated by the Apache server, so you may later take a look at them and determine whether you need to take more measures in order to increase the protection of your script-driven Internet sites.
ModSecurity in Shared Web Hosting
ModSecurity is provided with all shared web hosting machines, so when you decide to host your websites with our company, they shall be protected against a wide range of attacks. The firewall is enabled as standard for all domains and subdomains, so there will be nothing you'll need to do on your end. You will be able to stop ModSecurity for any Internet site if necessary, or to switch on a detection mode, so that all activity will be recorded, but the firewall will not take any real action. You'll be able to view comprehensive logs from your Hepsia Control Panel including the IP where the attack came from, what the attacker planned to do and how ModSecurity addressed the threat. As we take the safety of our clients' Internet sites very seriously, we use a selection of commercial rules that we take from one of the leading companies that maintain such rules. Our admins also add custom rules to make sure that your sites will be shielded from as many risks as possible.
ModSecurity in Semi-dedicated Servers
Any web app which you set up in your new semi-dedicated server account will be protected by ModSecurity as the firewall is included with all our hosting packages and is activated by default for any domain and subdomain that you add or create using your Hepsia hosting Control Panel. You shall be able to manage ModSecurity through a dedicated section inside Hepsia where not only can you activate or deactivate it completely, but you may also activate a passive mode, so the firewall shall not block anything, but it shall still keep a record of possible attacks. This requires just a click and you shall be able to look at the logs regardless if ModSecurity is in passive or active mode through the same section - what the attack was and where it originated from, how it was handled, etc. The firewall employs two groups of rules on our machines - a commercial one which we get from a third-party web security company and a custom one that our administrators update manually as to respond to newly discovered risks at the earliest opportunity.
ModSecurity in VPS Servers
ModSecurity is included with all Hepsia-based VPS servers we offer and it will be switched on automatically for every new domain or subdomain you add on the web server. That way, any web application that you install will be secured right from the start without doing anything by hand on your end. The firewall can be managed via the section of the Control Panel that bears the same name. This is the area whereyou can disable ModSecurity or enable its passive mode, so it won't take any action toward threats, but shall still maintain a thorough log. The recorded information is available inside the same area as well and you shall be able to see what IPs any attacks came from so that you can stop them, what the nature of the attempted attacks was and based on what security rules ModSecurity reacted. The rules which we use on our servers are a mix between commercial ones that we obtain from a security organization and custom ones which are added by our staff to improve the security of any web applications hosted on our end.
ModSecurity in Dedicated Servers
When you decide to host your sites on a dedicated server with the Hepsia CP, your web programs shall be secured right away since ModSecurity is supplied with all Hepsia-based solutions. You'll be able to manage the firewall effortlessly and if needed, you'll be able to turn it off or enable its passive mode when it will only keep a log of what is taking place without taking any action to prevent possible attacks. The logs which you can find in the exact same section of the CP are very detailed and contain details about the attacker IP address, what site and file were attacked and in what ways, what rule the firewall used to stop the intrusion, and so forth. This information will allow you to take measures and enhance the security of your Internet sites even more. To be on the safe side, we use not just commercial rules, but also custom-made ones which our staff add when they identify attacks which have not yet been included within the commercial pack.