ModSecurity in Hosting
ModSecurity is supplied with all hosting web servers, so if you decide to host your Internet sites with our company, they shall be shielded from a wide range of attacks. The firewall is turned on by default for all domains and subdomains, so there will be nothing you will need to do on your end. You shall be able to stop ModSecurity for any Internet site if needed, or to activate a detection mode, so all activity will be recorded, but the firewall shall not take any real action. You'll be able to view detailed logs via your Hepsia CP including the IP where the attack originated from, what the attacker wished to do and how ModSecurity dealt with the threat. As we take the protection of our customers' sites very seriously, we use a collection of commercial rules which we get from one of the best companies that maintain this type of rules. Our administrators also include custom rules to make sure that your websites will be protected against as many risks as possible.
ModSecurity in Semi-dedicated Servers
We've incorporated ModSecurity as a standard in all semi-dedicated server products, so your web applications will be protected as soon as you set them up under any domain or subdomain. The Hepsia Control Panel which is included with the semi-dedicated accounts shall permit you to activate or turn off the firewall for any Internet site with a mouse click. You shall also have the ability to switch on a passive detection mode in which ModSecurity shall keep a log of possible attacks without actually stopping them. The comprehensive logs contain the nature of the attack and what ModSecurity response this attack activated, where it came from, etc. The list of rules which we employ is frequently updated in order to match any new risks which could appear on the Internet and it features both commercial rules that we get from a security firm and custom-written ones that our admins add in the event that they discover a threat that's not present in the commercial list yet.
ModSecurity in VPS Servers
ModSecurity is pre-installed on all VPS servers which are offered with the Hepsia hosting CP, so your web apps shall be secured from the second your server is ready. The firewall is switched on by default for any domain or subdomain on the VPS, but if necessary, you could deactivate it with a click of your mouse via the corresponding section of Hepsia. You may also set it to work in detection mode, so it'll maintain a comprehensive log of any potential attacks without taking any action to prevent them. The logs are available within the very same section and provide information regarding the nature of the attack, what IP it came from and what ModSecurity rule was initiated to stop it. For maximum security, we employ not just commercial rules from a business operating in the field of web security, but also custom ones that our admins add personally so as to respond to new risks which are still not addressed in the commercial rules.
ModSecurity in Dedicated Servers
ModSecurity is offered by default with all dedicated servers that are set up with the Hepsia Control Panel and is set to “Active” automatically for any domain that you host or subdomain you create on the web server. In the event that a web application does not operate adequately, you may either disable the firewall or set it to work in passive mode. The latter means that ModSecurity will maintain a log of any possible attack that may take place, but won't take any action to prevent it. The logs created in passive or active mode shall offer you additional details about the exact file that was attacked, the nature of the attack and the IP it originated from, etcetera. This information shall enable you to determine what actions you can take to boost the protection of your Internet sites, for instance blocking IPs or performing script and plugin updates. The ModSecurity rules that we use are updated constantly with a commercial pack from a third-party security company we work with, but occasionally our admins add their own rules too when they come across a new potential threat.