ModSecurity is a powerful web app layer firewall for Apache web servers. It monitors the whole HTTP traffic to a site without affecting its overall performance and when it identifies an intrusion attempt, it blocks it. The firewall furthermore keeps a more thorough log for the website visitors than any web server does, so you will manage to monitor what is happening with your sites a lot better than if you rely only on conventional logs. ModSecurity works with security rules based on which it prevents attacks. For instance, it identifies whether somebody is trying to log in to the administration area of a given script several times or if a request is sent to execute a file with a certain command. In these cases these attempts trigger the corresponding rules and the software blocks the attempts instantly, then records in-depth information about them inside its logs. ModSecurity is among the very best software firewalls on the market and it can easily protect your web apps against thousands of threats and vulnerabilities, particularly if you don’t update them or their plugins regularly.

ModSecurity in Shared Website Hosting

ModSecurity comes standard with all shared website hosting plans which we provide and it'll be turned on automatically for any domain or subdomain that you add/create within your Hepsia hosting CP. The firewall has 3 different modes, so you can activate and deactivate it with just a mouse click or set it to detection mode, so it will keep a log of all attacks, but it will not do anything to stop them. The log for any of your sites shall contain comprehensive info which includes the nature of the attack, where it originated from, what action was taken by ModSecurity, etc. The firewall rules which we use are regularly updated and incorporate both commercial ones which we get from a third-party security firm and custom ones that our system admins include in case that they detect a new type of attacks. This way, the Internet sites you host here shall be a lot more protected with no action expected on your end.

ModSecurity in Semi-dedicated Servers

ModSecurity is a part of our semi-dedicated server plans and if you opt to host your Internet sites with us, there shall not be anything special you'll need to do given that the firewall is activated by default for all domains and subdomains which you add via your hosting CP. If needed, you can disable ModSecurity for a certain Internet site or turn on the so-called detection mode in which case the firewall will still function and record information, but won't do anything to stop possible attacks against your sites. Comprehensive logs will be accessible within your CP and you shall be able to see what type of attacks occurred, what security rules were triggered and how the firewall addressed the threats, what IP addresses the attacks came from, and so forth. We employ two types of rules on our servers - commercial ones from an organization which operates in the field of web security, and customized ones that our admins occasionally add to respond to newly discovered risks in a timely manner.

ModSecurity in Dedicated Servers

ModSecurity is offered by default with all dedicated servers that are set up with the Hepsia Control Panel and is set to “Active” automatically for any domain that you host or subdomain which you create on the server. Just in case that a web app doesn't function adequately, you could either turn off the firewall or set it to operate in passive mode. The latter means that ModSecurity shall keep a log of any potential attack which might happen, but won't take any action to prevent it. The logs generated in passive or active mode shall provide you with additional details about the exact file that was attacked, the nature of the attack and the IP address it originated from, and so on. This info shall allow you to decide what steps you can take to enhance the security of your websites, including blocking IPs or carrying out script and plugin updates. The ModSecurity rules we use are updated regularly with a commercial bundle from a third-party security firm we work with, but sometimes our admins include their own rules as well when they discover a new potential threat.