ModSecurity is a highly effective web app layer firewall for Apache web servers. It monitors the entire HTTP traffic to a website without affecting its functionality and when it discovers an intrusion attempt, it prevents it. The firewall furthermore maintains a more detailed log for the site visitors than any server does, so you shall manage to keep an eye on what is going on with your Internet sites a lot better than if you rely merely on standard logs. ModSecurity uses security rules based on which it helps prevent attacks. For instance, it identifies if someone is attempting to log in to the administration area of a specific script a number of times or if a request is sent to execute a file with a particular command. In these cases these attempts set off the corresponding rules and the firewall software blocks the attempts instantly, then records detailed info about them within its logs. ModSecurity is one of the most effective software firewalls available and it could easily protect your web applications against thousands of threats and vulnerabilities, especially if you don’t update them or their plugins often.

ModSecurity in Shared Hosting

ModSecurity is available with every shared hosting solution which we offer and it is switched on by default for any domain or subdomain which you include through your Hepsia CP. In case it disrupts any of your apps or you would like to disable it for any reason, you shall be able to achieve that through the ModSecurity area of Hepsia with merely a mouse click. You could also use a passive mode, so the firewall will recognize possible attacks and keep a log, but shall not take any action. You'll be able to view detailed logs in the very same section, including the IP where the attack originated from, what precisely the attacker tried to do and at what time, what ModSecurity did, etcetera. For max security of our customers we use a collection of commercial firewall rules mixed with custom ones that are included by our system administrators.

ModSecurity in VPS Servers

All VPS servers which are set up with the Hepsia Control Panel come with ModSecurity. The firewall is set up and switched on by default for all domains that are hosted on the machine, so there will not be anything special which you'll have to do to protect your sites. It shall take you simply a click to stop ModSecurity if necessary or to turn on its passive mode so that it records what happens without taking any steps to prevent intrusions. You will be able to see the logs produced in passive or active mode through the corresponding section of Hepsia and find out more about the form of the attack, where it came from, what rule the firewall used to tackle it, and so on. We use a combination of commercial and custom rules in order to make sure that ModSecurity shall block out as many threats as possible, thus increasing the protection of your web applications as much as possible.