ModSecurity is a potent web app layer firewall for Apache web servers. It monitors the entire HTTP traffic to a website without affecting its performance and if it identifies an intrusion attempt, it blocks it. The firewall additionally maintains a more thorough log for the site visitors than any server does, so you'll manage to keep an eye on what's going on with your Internet sites better than if you rely merely on standard logs. ModSecurity works with security rules based on which it stops attacks. For example, it recognizes if someone is attempting to log in to the administrator area of a given script multiple times or if a request is sent to execute a file with a certain command. In such cases these attempts set off the corresponding rules and the firewall software blocks the attempts in real time, after that records comprehensive information about them inside its logs. ModSecurity is one of the best software firewalls available and it could easily protect your web apps against thousands of threats and vulnerabilities, particularly in case you don’t update them or their plugins often.

ModSecurity in Cloud Hosting

ModSecurity is provided with all cloud hosting servers, so if you decide to host your Internet sites with our organization, they'll be protected against an array of attacks. The firewall is enabled by default for all domains and subdomains, so there shall be nothing you will have to do on your end. You shall be able to stop ModSecurity for any site if necessary, or to activate a detection mode, so that all activity will be recorded, but the firewall will not take any real action. You'll be able to view specific logs using your Hepsia Control Panel including the IP address where the attack came from, what the attacker wanted to do and how ModSecurity dealt with the threat. As we take the security of our clients' sites very seriously, we use a selection of commercial rules that we get from one of the best companies that maintain such rules. Our admins also add custom rules to make sure that your sites will be protected against as many risks as possible.

ModSecurity in Semi-dedicated Servers

All semi-dedicated server plans which we offer come with ModSecurity and since the firewall is enabled by default, any Internet site that you set up under a domain or a subdomain shall be secured right from the start. An independent section within the Hepsia CP which comes with the semi-dedicated accounts is devoted to ModSecurity and it shall permit you to start and stop the firewall for any website or activate a detection mode. With the latter, ModSecurity won't take any action, but it will still detect possible attacks and shall keep all data within a log as if it were completely active. The logs could be found inside the very same section of the Control Panel and they offer info about the IP where an attack originated from, what its nature was, what rule ModSecurity applies to identify and stop it, and so on. The security rules that we employ on our machines are a mix of commercial ones from a security company and custom ones made by our system admins. For that reason, we offer greater security for your web apps as we can shield them from attacks even before security businesses release updates for new threats.

ModSecurity in Dedicated Servers

If you opt to host your websites on a dedicated server with the Hepsia CP, your web apps shall be protected right from the start since ModSecurity is supplied with all Hepsia-based plans. You shall be able to control the firewall without difficulty and if necessary, you shall be able to turn it off or enable its passive mode when it'll only keep a log of what is happening without taking any action to stop potential attacks. The logs which you can find in the exact same section of the CP are really detailed and include info about the attacker IP, what site and file were attacked and in what way, what rule the firewall employed to stop the intrusion, and so forth. This info shall enable you to take measures and boost the protection of your websites even more. To be on the safe side, we use not just commercial rules, but also custom-made ones which our administrators include every time they identify attacks which have not yet been included inside the commercial pack.