ModSecurity is an effective firewall for Apache web servers which is employed to prevent attacks against web applications. It tracks the HTTP traffic to a specific website in real time and stops any intrusion attempts the moment it detects them. The firewall uses a set of rules to do this - for example, attempting to log in to a script admin area without success many times activates one rule, sending a request to execute a particular file that could result in gaining access to the site triggers another rule, and so on. ModSecurity is among the best firewalls out there and it will secure even scripts that aren't updated on a regular basis because it can prevent attackers from employing known exploits and security holes. Quite comprehensive data about every single intrusion attempt is recorded and the logs the firewall maintains are a lot more detailed than the regular logs provided by the Apache server, so you may later examine them and decide if you need to take extra measures so as to improve the protection of your script-driven Internet sites.

ModSecurity in Cloud Hosting

ModSecurity is available on all cloud hosting machines, so if you choose to host your sites with our business, they'll be protected against a wide range of attacks. The firewall is enabled by default for all domains and subdomains, so there'll be nothing you shall have to do on your end. You'll be able to stop ModSecurity for any Internet site if required, or to switch on a detection mode, so all activity will be recorded, but the firewall won't take any real action. You shall be able to view detailed logs using your Hepsia Control Panel including the IP where the attack originated from, what the attacker wanted to do and how ModSecurity dealt with the threat. As we take the security of our customers' sites very seriously, we employ a collection of commercial rules which we get from one of the top firms that maintain this type of rules. Our admins also add custom rules to make certain that your sites will be protected against as many risks as possible.

ModSecurity in Semi-dedicated Hosting

All semi-dedicated hosting plans that we offer feature ModSecurity and because the firewall is turned on by default, any site that you set up under a domain or a subdomain shall be secured immediately. An individual section inside the Hepsia CP that comes with the semi-dedicated accounts is devoted to ModSecurity and it shall allow you to stop and start the firewall for any site or enable a detection mode. With the latter, ModSecurity will not take any action, but it shall still identify possible attacks and will keep all information within a log as if it were fully active. The logs can be found inside the very same section of the CP and they offer information regarding the IP where an attack originated from, what its nature was, what rule ModSecurity applies to detect and stop it, and so forth. The security rules that we use on our machines are a mix of commercial ones from a security company and custom ones developed by our system admins. For that reason, we offer increased security for your web applications as we can defend them from attacks even before security businesses release updates for completely new threats.

ModSecurity in Dedicated Hosting

All our dedicated servers which are set up with the Hepsia hosting Control Panel include ModSecurity, so any application you upload or install will be properly secured from the very beginning and you'll not need to stress about common attacks or vulnerabilities. A separate section within Hepsia will permit you to start or stop the firewall for each and every domain or subdomain, or switch on a detection mode so that it records details about intrusions, but does not take actions to prevent them. What you will see in the logs shall help you to secure your Internet sites better - the IP address an attack came from, what site was attacked and in what way, what ModSecurity rule was triggered, etc. With this information, you could see whether an Internet site needs an update, if you need to block IPs from accessing your server, etcetera. In addition to the third-party commercial security rules for ModSecurity that we use, our admins add custom ones too every time they come across a new threat that is not yet a part of the commercial bundle.