ModSecurity is a powerful web app layer firewall for Apache web servers. It monitors the entire HTTP traffic to a website without affecting its functionality and when it identifies an intrusion attempt, it prevents it. The firewall furthermore maintains a more thorough log for the site visitors than any server does, so you will manage to keep an eye on what's going on with your websites much better than if you rely merely on conventional logs. ModSecurity employs security rules based on which it helps prevent attacks. For example, it recognizes if somebody is attempting to log in to the administrator area of a particular script several times or if a request is sent to execute a file with a specific command. In these situations these attempts trigger the corresponding rules and the firewall software hinders the attempts right away, and then records in-depth details about them inside its logs. ModSecurity is amongst the most effective software firewalls out there and it can easily protect your web applications against a large number of threats and vulnerabilities, particularly in case you don’t update them or their plugins often.
ModSecurity in Hosting
ModSecurity is supplied with all hosting servers, so when you choose to host your websites with our firm, they'll be resistant to a wide array of attacks. The firewall is enabled as standard for all domains and subdomains, so there shall be nothing you'll need to do on your end. You'll be able to stop ModSecurity for any site if required, or to switch on a detection mode, so that all activity will be recorded, but the firewall won't take any real action. You shall be able to view specific logs from your Hepsia Control Panel including the IP address where the attack came from, what the attacker planned to do and how ModSecurity addressed the threat. As we take the protection of our clients' sites very seriously, we use a group of commercial rules which we get from one of the leading companies that maintain this type of rules. Our admins also include custom rules to make certain that your sites shall be resistant to as many risks as possible.
ModSecurity in Semi-dedicated Hosting
All semi-dedicated hosting solutions that we offer come with ModSecurity and since the firewall is turned on by default, any site you build under a domain or a subdomain shall be secured right away. An individual section within the Hepsia CP that comes with the semi-dedicated accounts is dedicated to ModSecurity and it shall enable you to stop and start the firewall for any site or switch on a detection mode. With the last option, ModSecurity will not take any action, but it'll still identify possible attacks and shall keep all data in a log as if it were fully active. The logs can be found inside the same section of the Control Panel and they include information about the IP where an attack originated from, what its nature was, what rule ModSecurity applies to detect and stop it, and so on. The security rules that we use on our web servers are a mix of commercial ones from a security business and custom ones developed by our system administrators. As a result, we provide greater security for your web apps as we can shield them from attacks before security corporations release updates for completely new threats.
ModSecurity in Dedicated Servers Hosting
All our dedicated servers which are set up with the Hepsia hosting CP include ModSecurity, so any program you upload or install will be protected from the very beginning and you'll not have to stress about common attacks or vulnerabilities. An individual section in Hepsia will enable you to start or stop the firewall for each domain or subdomain, or turn on a detection mode so that it records details about intrusions, but doesn't take actions to stop them. What you'll discover in the logs can easily enable you to to secure your websites better - the IP address an attack came from, what website was attacked as well as how, what ModSecurity rule was triggered, etc. With this information, you'll be able to see whether a site needs an update, whether you should block IPs from accessing your hosting server, and so on. Besides the third-party commercial security rules for ModSecurity that we use, our admins include custom ones as well when they discover a new threat which is not yet in the commercial bundle.