ModSecurity is a highly effective web app layer firewall for Apache web servers. It monitors the entire HTTP traffic to a site without affecting its operation and if it discovers an intrusion attempt, it prevents it. The firewall additionally keeps a more comprehensive log for the traffic than any web server does, so you will be able to monitor what's going on with your sites better than if you rely simply on conventional logs. ModSecurity employs security rules based on which it helps prevent attacks. For example, it detects whether anyone is attempting to log in to the administration area of a specific script several times or if a request is sent to execute a file with a particular command. In these instances these attempts set off the corresponding rules and the firewall blocks the attempts immediately, after that records detailed information about them inside its logs. ModSecurity is amongst the very best software firewalls available and it can protect your web apps against a large number of threats and vulnerabilities, especially in case you don’t update them or their plugins often.

ModSecurity in Shared Hosting

ModSecurity comes by default with all shared hosting solutions that we supply and it shall be turned on automatically for any domain or subdomain you add/create in your Hepsia hosting Control Panel. The firewall has three different modes, so you can switch on and deactivate it with only a mouse click or set it to detection mode, so it shall maintain a log of all attacks, but it will not do anything to prevent them. The log for each of your Internet sites will contain detailed information such as the nature of the attack, where it came from, what action was taken by ModSecurity, and so forth. The firewall rules that we use are regularly updated and comprise of both commercial ones that we get from a third-party security firm and custom ones that our system admins add in case that they detect a new sort of attacks. In this way, the websites which you host here will be way more secure without any action expected on your end.

ModSecurity in Semi-dedicated Servers

All semi-dedicated server packages which we offer come with ModSecurity and since the firewall is enabled by default, any Internet site that you create under a domain or a subdomain will be protected right from the start. An independent section within the Hepsia Control Panel which comes with the semi-dedicated accounts is devoted to ModSecurity and it'll permit you to start and stop the firewall for any site or activate a detection mode. With the last mentioned, ModSecurity will not take any action, but it shall still detect possible attacks and shall keep all info in a log as if it were fully active. The logs could be found within the same section of the CP and they include information regarding the IP where an attack originated from, what its nature was, what rule ModSecurity applies to detect and stop it, etcetera. The security rules which we employ on our machines are a mix between commercial ones from a security firm and custom ones created by our system administrators. Consequently, we offer increased security for your web applications as we can defend them from attacks before security businesses release updates for completely new threats.

ModSecurity in Dedicated Servers

ModSecurity is available by default with all dedicated servers that are set up with the Hepsia Control Panel and is set to “Active” automatically for any domain you host or subdomain that you create on the hosting server. In the event that a web app does not work correctly, you could either switch off the firewall or set it to work in passive mode. The second means that ModSecurity shall maintain a log of any possible attack which may occur, but won't take any action to stop it. The logs produced in active or passive mode shall offer you more details about the exact file that was attacked, the nature of the attack and the IP it originated from, etc. This information will enable you to choose what steps you can take to improve the protection of your sites, such as blocking IPs or carrying out script and plugin updates. The ModSecurity rules which we use are updated frequently with a commercial package from a third-party security company we work with, but sometimes our staff include their own rules as well in the event that they find a new potential threat.