ModSecurity is a potent web application layer firewall for Apache web servers. It monitors the entire HTTP traffic to a site without affecting its operation and in case it identifies an intrusion attempt, it blocks it. The firewall additionally maintains a more comprehensive log for the traffic than any server does, so you shall be able to keep track of what's happening with your sites better than if you rely only on conventional logs. ModSecurity uses security rules based on which it helps prevent attacks. For instance, it identifies if someone is attempting to log in to the administrator area of a given script multiple times or if a request is sent to execute a file with a certain command. In such cases these attempts trigger the corresponding rules and the software blocks the attempts in real time, and then records in-depth info about them inside its logs. ModSecurity is one of the very best software firewalls available and it can protect your web apps against a large number of threats and vulnerabilities, particularly in case you don’t update them or their plugins often.

ModSecurity in Cloud Hosting

ModSecurity is supplied with all cloud hosting web servers, so when you choose to host your websites with our business, they shall be shielded from a wide array of attacks. The firewall is turned on by default for all domains and subdomains, so there will be nothing you'll need to do on your end. You will be able to stop ModSecurity for any site if required, or to switch on a detection mode, so that all activity will be recorded, but the firewall shall not take any real action. You will be able to view comprehensive logs through your Hepsia Control Panel including the IP where the attack came from, what the attacker wanted to do and how ModSecurity handled the threat. Since we take the safety of our customers' sites very seriously, we use a selection of commercial rules which we take from one of the best companies that maintain this kind of rules. Our admins also add custom rules to make certain that your sites will be resistant to as many threats as possible.

ModSecurity in Semi-dedicated Servers

ModSecurity is part of our semi-dedicated server solutions and if you choose to host your sites with our company, there shall not be anything special you will have to do since the firewall is activated by default for all domains and subdomains you add via your hosting CP. If required, you'll be able to disable ModSecurity for a given site or switch on the so-called detection mode in which case the firewall will still work and record info, but will not do anything to stop potential attacks against your Internet sites. Detailed logs will be available within your CP and you'll be able to see which kind of attacks happened, what security rules were triggered and how the firewall dealt with the threats, what Internet protocol addresses the attacks came from, etcetera. We employ two sorts of rules on our servers - commercial ones from a business that operates in the field of web security, and custom made ones which our admins sometimes include to respond to newly found risks on time.

ModSecurity in Dedicated Servers

All of our dedicated servers that are set up with the Hepsia hosting CP come with ModSecurity, so any program that you upload or set up will be properly secured from the very beginning and you will not have to stress about common attacks or vulnerabilities. A separate section in Hepsia will enable you to start or stop the firewall for every domain or subdomain, or switch on a detection mode so that it records info about intrusions, but doesn't take actions to prevent them. What you shall discover in the logs shall enable you to to secure your sites better - the IP address an attack came from, what website was attacked and in what way, what ModSecurity rule was triggered, etcetera. With this info, you'll be able to see whether a website needs an update, whether you need to block IPs from accessing your server, etc. On top of the third-party commercial security rules for ModSecurity which we use, our administrators include custom ones as well whenever they discover a new threat which is not yet in the commercial bundle.