ModSecurity is a powerful web application layer firewall for Apache web servers. It monitors the whole HTTP traffic to a site without affecting its performance and in case it discovers an intrusion attempt, it blocks it. The firewall also keeps a more thorough log for the website visitors than any server does, so you'll be able to monitor what is going on with your sites much better than if you rely simply on conventional logs. ModSecurity employs security rules based on which it helps prevent attacks. For example, it recognizes if anyone is attempting to log in to the admin area of a certain script a number of times or if a request is sent to execute a file with a specific command. In these situations these attempts set off the corresponding rules and the firewall software hinders the attempts instantly, and then records comprehensive details about them inside its logs. ModSecurity is one of the most effective software firewalls out there and it can easily protect your web applications against thousands of threats and vulnerabilities, especially if you don’t update them or their plugins regularly.

ModSecurity in Shared Web Hosting

ModSecurity comes standard with all shared web hosting plans that we offer and it will be activated automatically for any domain or subdomain that you add/create in your Hepsia hosting CP. The firewall has three different modes, so you could switch on and deactivate it with only a click or set it to detection mode, so it'll keep a log of all attacks, but it shall not do anything to stop them. The log for any of your sites will feature comprehensive information which includes the nature of the attack, where it came from, what action was taken by ModSecurity, and so forth. The firewall rules that we use are regularly updated and comprise of both commercial ones we get from a third-party security firm and custom ones our system admins add in case that they detect a new type of attacks. That way, the websites that you host here will be a lot more secure without any action needed on your end.

ModSecurity in Dedicated Servers Hosting

ModSecurity is included with all dedicated servers which are integrated with our Hepsia Control Panel and you'll not have to do anything specific on your end to employ it as it's turned on by default whenever you include a new domain or subdomain on your web server. In the event that it disrupts any of your apps, you'll be able to stop it through the respective part of Hepsia, or you may leave it working in passive mode, so it'll recognize attacks and will still maintain a log for them, but shall not block them. You could analyze the logs later to learn what you can do to enhance the safety of your websites as you shall find details such as where an intrusion attempt came from, what website was attacked and based on what rule ModSecurity reacted, etc. The rules which we use are commercial, therefore they are regularly updated by a security firm, but to be on the safe side, our administrators also add custom rules from time to time as to react to any new threats they have discovered.