ModSecurity is a highly effective web application layer firewall for Apache web servers. It monitors the entire HTTP traffic to a site without affecting its functionality and in case it detects an intrusion attempt, it prevents it. The firewall additionally keeps a more comprehensive log for the website visitors than any web server does, so you will manage to keep an eye on what is happening with your websites better than if you rely simply on conventional logs. ModSecurity employs security rules based on which it helps prevent attacks. For instance, it recognizes whether somebody is trying to log in to the admin area of a specific script multiple times or if a request is sent to execute a file with a particular command. In such cases these attempts set off the corresponding rules and the firewall software blocks the attempts right away, and then records in-depth information about them in its logs. ModSecurity is amongst the best software firewalls out there and it can easily protect your web apps against thousands of threats and vulnerabilities, especially if you don’t update them or their plugins often.

ModSecurity in Cloud Hosting

ModSecurity is supplied with all cloud hosting servers, so if you choose to host your Internet sites with our firm, they will be shielded from a wide range of attacks. The firewall is turned on by default for all domains and subdomains, so there'll be nothing you shall need to do on your end. You shall be able to stop ModSecurity for any site if necessary, or to enable a detection mode, so all activity shall be recorded, but the firewall shall not take any real action. You will be able to view detailed logs via your Hepsia CP including the IP address where the attack originated from, what the attacker planned to do and how ModSecurity addressed the threat. As we take the protection of our customers' Internet sites very seriously, we use a group of commercial rules which we get from one of the top firms that maintain such rules. Our administrators also include custom rules to ensure that your sites will be shielded from as many risks as possible.

ModSecurity in Semi-dedicated Servers

All semi-dedicated server plans which we offer feature ModSecurity and because the firewall is switched on by default, any website which you build under a domain or a subdomain will be secured straight away. An individual section in the Hepsia CP that comes with the semi-dedicated accounts is devoted to ModSecurity and it will enable you to start and stop the firewall for any website or enable a detection mode. With the last mentioned, ModSecurity will not take any action, but it will still identify possible attacks and will keep all data within a log as if it were completely active. The logs can be found inside the very same section of the CP and they feature specifics about the IP where an attack originated from, what its nature was, what rule ModSecurity applies to recognize and stop it, etcetera. The security rules we employ on our web servers are a mix of commercial ones from a security company and custom ones created by our system administrators. For that reason, we provide higher security for your web applications as we can defend them from attacks even before security firms release updates for new threats.

ModSecurity in Dedicated Servers

ModSecurity is provided with all dedicated servers which are set up with our Hepsia CP and you won't have to do anything specific on your end to use it because it's enabled by default whenever you add a new domain or subdomain on your web server. In the event that it interferes with some of your applications, you shall be able to stop it through the respective part of Hepsia, or you could leave it working in passive mode, so it'll recognize attacks and shall still maintain a log for them, but shall not prevent them. You can look at the logs later to determine what you can do to boost the security of your Internet sites since you will find details such as where an intrusion attempt came from, what site was attacked and based upon what rule ModSecurity responded, etc. The rules which we use are commercial, thus they are regularly updated by a security firm, but to be on the safe side, our administrators also add custom rules from time to time in order to react to any new threats they have identified.