ModSecurity is an effective firewall for Apache web servers which is employed to stop attacks against web applications. It tracks the HTTP traffic to a given site in real time and prevents any intrusion attempts the moment it discovers them. The firewall uses a set of rules to do this - for example, attempting to log in to a script administrator area unsuccessfully a few times activates one rule, sending a request to execute a certain file which may result in accessing the site triggers a different rule, and so on. ModSecurity is among the best firewalls out there and it'll secure even scripts that are not updated on a regular basis because it can prevent attackers from using known exploits and security holes. Incredibly detailed information about each and every intrusion attempt is recorded and the logs the firewall maintains are a lot more specific than the conventional logs provided by the Apache server, so you can later examine them and decide whether you need to take extra measures in order to increase the safety of your script-driven websites.
ModSecurity in Shared Hosting
ModSecurity is supplied with all shared hosting web servers, so when you opt to host your websites with our business, they will be shielded from a wide array of attacks. The firewall is enabled as standard for all domains and subdomains, so there will be nothing you will have to do on your end. You'll be able to stop ModSecurity for any website if needed, or to switch on a detection mode, so that all activity will be recorded, but the firewall won't take any real action. You'll be able to view specific logs from your Hepsia Control Panel including the IP address where the attack originated from, what the attacker planned to do and how ModSecurity dealt with the threat. As we take the security of our clients' sites very seriously, we use a collection of commercial rules that we get from one of the leading companies that maintain this sort of rules. Our admins also include custom rules to make certain that your Internet sites shall be shielded from as many threats as possible.
ModSecurity in Semi-dedicated Servers
All semi-dedicated server plans which we offer feature ModSecurity and given that the firewall is enabled by default, any site that you set up under a domain or a subdomain will be secured straight away. A separate section within the Hepsia Control Panel that comes with the semi-dedicated accounts is devoted to ModSecurity and it will allow you to start and stop the firewall for any site or enable a detection mode. With the latter, ModSecurity shall not take any action, but it'll still detect possible attacks and shall keep all information inside a log as if it were completely active. The logs could be found inside the exact same section of the Control Panel and they offer details about the IP where an attack originated from, what its nature was, what rule ModSecurity applies to recognize and stop it, and so on. The security rules that we use on our machines are a mix between commercial ones from a security company and custom ones made by our system admins. For that reason, we provide increased security for your web applications as we can protect them from attacks before security corporations release updates for brand new threats.
ModSecurity in Dedicated Servers
All of our dedicated servers which are installed with the Hepsia hosting CP feature ModSecurity, so any app you upload or set up will be properly secured from the very beginning and you will not need to concern yourself with common attacks or vulnerabilities. A separate section in Hepsia will enable you to start or stop the firewall for any domain or subdomain, or switch on a detection mode so that it records information about intrusions, but does not take actions to stop them. What you shall find in the logs can enable you to to secure your websites better - the IP an attack came from, what website was attacked and in what way, what ModSecurity rule was triggered, etcetera. With this information, you'll be able to see whether a site needs an update, if you should block IPs from accessing your web server, and so on. On top of the third-party commercial security rules for ModSecurity we use, our admins add custom ones too whenever they come across a new threat that is not yet included in the commercial bundle.