ModSecurity is a highly effective web application layer firewall for Apache web servers. It monitors the entire HTTP traffic to a website without affecting its functionality and in case it detects an intrusion attempt, it blocks it. The firewall furthermore keeps a more thorough log for the website visitors than any web server does, so you shall manage to monitor what is happening with your sites much better than if you rely only on standard logs. ModSecurity works with security rules based on which it helps prevent attacks. For instance, it detects if somebody is trying to log in to the admin area of a certain script several times or if a request is sent to execute a file with a particular command. In such cases these attempts trigger the corresponding rules and the firewall blocks the attempts right away, after that records comprehensive details about them within its logs. ModSecurity is amongst the best software firewalls out there and it could easily protect your web applications against a huge number of threats and vulnerabilities, particularly in case you don’t update them or their plugins regularly.
ModSecurity in Cloud Web Hosting
ModSecurity is available with each and every cloud web hosting
plan which we provide and it's turned on by default for every domain or subdomain that you include through your Hepsia Control Panel. If it interferes with any of your programs or you'd like to disable it for any reason, you will be able to achieve that through the ModSecurity area of Hepsia with only a mouse click. You may also enable a passive mode, so the firewall will identify possible attacks and keep a log, but won't take any action. You can view comprehensive logs in the same section, including the IP where the attack originated from, what exactly the attacker attempted to do and at what time, what ModSecurity did, etcetera. For max safety of our customers we use a set of commercial firewall rules combined with custom ones which are provided by our system administrators.
ModSecurity in Semi-dedicated Hosting
We've incorporated ModSecurity as a standard in all semi-dedicated hosting
packages, so your web applications will be protected as soon as you install them under any domain or subdomain. The Hepsia CP that is included with the semi-dedicated accounts shall allow you to enable or turn off the firewall for any site with a click. You'll also be able to activate a passive detection mode in which ModSecurity shall maintain a log of potential attacks without really preventing them. The comprehensive logs include the nature of the attack and what ModSecurity response that attack generated, where it came from, etcetera. The list of rules which we use is constantly updated as to match any new risks which might appear on the Internet and it consists of both commercial rules that we get from a security business and custom-written ones that our admins include if they discover a threat that's not present inside the commercial list yet.
ModSecurity in VPS Web Hosting
ModSecurity is included with all Hepsia-based virtual private servers
we offer and it'll be switched on automatically for every new domain or subdomain that you add on the web server. In this way, any web application that you install shall be protected right from the start without doing anything manually on your end. The firewall may be managed through the section of the CP which bears the same name. This is the place in whichyou can turn off ModSecurity or let its passive mode, so it won't take any action against threats, but shall still keep a comprehensive log. The recorded information is available within the same section as well and you shall be able to see what IPs any attacks came from to enable you to stop them, what the nature of the attempted attacks was and based upon what security rules ModSecurity responded. The rules that we employ on our servers are a mixture between commercial ones we obtain from a security organization and custom ones that are added by our staff to improve the security of any web applications hosted on our end.
ModSecurity in Dedicated Servers Hosting
ModSecurity is provided with all dedicated servers
which are integrated with our Hepsia CP and you will not have to do anything specific on your end to use it because it is switched on by default each time you add a new domain or subdomain on your hosting server. In case it disrupts some of your apps, you shall be able to stop it through the respective section of Hepsia, or you can leave it operating in passive mode, so it'll detect attacks and shall still maintain a log for them, but shall not stop them. You'll be able to look at the logs later to learn what you can do to enhance the safety of your websites since you shall find details such as where an intrusion attempt originated from, what website was attacked and based upon what rule ModSecurity responded, etc. The rules which we employ are commercial, hence they're frequently updated by a security firm, but to be on the safe side, our staff also add custom rules every now and then as to react to any new threats they have found.