ModSecurity is a powerful web app layer firewall for Apache web servers. It monitors the whole HTTP traffic to a site without affecting its functionality and when it detects an intrusion attempt, it prevents it. The firewall furthermore maintains a more thorough log for the site visitors than any web server does, so you will manage to monitor what is happening with your Internet sites better than if you rely only on conventional logs. ModSecurity works with security rules based on which it helps prevent attacks. For example, it detects if somebody is trying to log in to the admin area of a specific script a number of times or if a request is sent to execute a file with a particular command. In such circumstances these attempts set off the corresponding rules and the software hinders the attempts in real time, then records detailed info about them inside its logs. ModSecurity is among the very best software firewalls on the market and it can protect your web apps against many threats and vulnerabilities, particularly if you don’t update them or their plugins frequently.
ModSecurity in Web Hosting
ModSecurity is provided with all web hosting servers, so when you choose to host your websites with our company, they'll be shielded from an array of attacks. The firewall is turned on by default for all domains and subdomains, so there will be nothing you'll need to do on your end. You shall be able to stop ModSecurity for any site if necessary, or to switch on a detection mode, so that all activity shall be recorded, but the firewall won't take any real action. You will be able to view specific logs using your Hepsia CP including the IP address where the attack came from, what the attacker wished to do and how ModSecurity addressed the threat. As we take the protection of our clients' sites seriously, we employ a selection of commercial rules that we take from one of the leading companies that maintain such rules. Our administrators also add custom rules to make certain that your sites will be resistant to as many threats as possible.
ModSecurity in Semi-dedicated Hosting
We have integrated ModSecurity by default within all semi-dedicated hosting packages, so your web apps will be protected the instant you install them under any domain or subdomain. The Hepsia Control Panel which is included with the semi-dedicated accounts shall allow you to switch on or disable the firewall for any site with a mouse click. You'll also be able to turn on a passive detection mode in which ModSecurity will maintain a log of potential attacks without really stopping them. The thorough logs include things like the nature of the attack and what ModSecurity response that attack triggered, where it came from, and so forth. The list of rules which we use is frequently updated as to match any new risks that could appear on the Internet and it features both commercial rules that we get from a security company and custom-written ones that our administrators add in the event that they find a threat which is not present within the commercial list yet.
ModSecurity in VPS Hosting
ModSecurity is pre-installed on all virtual private servers which are set up with the Hepsia hosting CP, so your web applications shall be secured from the instant your server is ready. The firewall is activated by default for any domain or subdomain on the VPS, but if needed, you'll be able to deactivate it with a click from the corresponding section of Hepsia. You may also set it to work in detection mode, so it shall keep a detailed log of any potential attacks without taking any action to stop them. The logs can be found within the same section and include information regarding the nature of the attack, what IP address it came from and what ModSecurity rule was initiated to stop it. For best security, we use not simply commercial rules from a firm operating in the field of web security, but also custom ones our admins add manually in order to react to new risks which are still not dealt with in the commercial rules.
ModSecurity in Dedicated Web Hosting
ModSecurity is provided with all dedicated servers that are integrated with our Hepsia Control Panel and you'll not have to do anything specific on your end to use it because it's switched on by default every time you add a new domain or subdomain on your hosting server. In case it interferes with any of your programs, you will be able to stop it through the respective part of Hepsia, or you could leave it working in passive mode, so it will recognize attacks and shall still maintain a log for them, but won't stop them. You could look at the logs later to determine what you can do to enhance the protection of your websites as you shall find details such as where an intrusion attempt originated from, what site was attacked and in accordance with what rule ModSecurity reacted, and so forth. The rules which we use are commercial, therefore they're frequently updated by a security company, but to be on the safe side, our staff also include custom rules once in a while as to react to any new threats they have found.