ModSecurity is a highly effective web application layer firewall for Apache web servers. It monitors the entire HTTP traffic to a site without affecting its operation and when it identifies an intrusion attempt, it blocks it. The firewall also keeps a more detailed log for the website visitors than any web server does, so you shall manage to monitor what's happening with your Internet sites much better than if you rely simply on conventional logs. ModSecurity uses security rules based on which it helps prevent attacks. For example, it identifies if anyone is attempting to log in to the administration area of a particular script a number of times or if a request is sent to execute a file with a particular command. In these circumstances these attempts trigger the corresponding rules and the software blocks the attempts right away, and then records detailed info about them in its logs. ModSecurity is amongst the most effective software firewalls on the market and it could easily protect your web applications against a huge number of threats and vulnerabilities, especially in case you don’t update them or their plugins regularly.

ModSecurity in Cloud Hosting

ModSecurity comes by default with all cloud hosting plans which we provide and it will be turned on automatically for any domain or subdomain you add/create inside your Hepsia hosting CP. The firewall has 3 different modes, so you'll be able to activate and disable it with only a mouse click or set it to detection mode, so it will keep a log of all attacks, but it shall not do anything to stop them. The log for each of your sites will contain comprehensive information which includes the nature of the attack, where it originated from, what action was taken by ModSecurity, etcetera. The firewall rules that we use are regularly updated and comprise of both commercial ones that we get from a third-party security company and custom ones our system admins include in case that they detect a new type of attacks. This way, the sites you host here shall be a lot more protected without any action needed on your end.

ModSecurity in Semi-dedicated Servers

We've integrated ModSecurity as a standard in all semi-dedicated server products, so your web applications will be protected whenever you install them under any domain or subdomain. The Hepsia Control Panel which is included with the semi-dedicated accounts will allow you to switch on or disable the firewall for any website with a mouse click. You shall also be able to switch on a passive detection mode with which ModSecurity will maintain a log of potential attacks without really stopping them. The thorough logs include the nature of the attack and what ModSecurity response that attack generated, where it came from, and so on. The list of rules that we use is regularly updated as to match any new risks which might appear on the Internet and it includes both commercial rules that we get from a security corporation and custom-written ones that our admins add in the event that they find a threat that's not present inside the commercial list yet.

ModSecurity in Dedicated Servers

ModSecurity is provided by default with all dedicated servers that are set up with the Hepsia Control Panel and is set to “Active” automatically for any domain that you host or subdomain that you create on the server. In the event that a web app doesn't function correctly, you can either disable the firewall or set it to operate in passive mode. The latter means that ModSecurity shall maintain a log of any potential attack that could happen, but shall not take any action to stop it. The logs generated in active or passive mode shall present you with additional details about the exact file which was attacked, the nature of the attack and the IP it came from, and so forth. This info shall allow you to determine what steps you can take to boost the protection of your Internet sites, such as blocking IPs or performing script and plugin updates. The ModSecurity rules which we use are updated constantly with a commercial bundle from a third-party security company we work with, but occasionally our administrators include their own rules as well if they come across a new potential threat.