ModSecurity in Shared Website Hosting
We offer ModSecurity with all shared website hosting plans, so your web applications will be resistant to harmful attacks. The firewall is turned on as standard for all domains and subdomains, but in case you would like, you shall be able to stop it via the respective area of your Hepsia CP. You can also switch on a detection mode, so ModSecurity shall keep a log as intended, but shall not take any action. The logs that you'll discover in Hepsia are very detailed and feature information about the nature of any attack, when it occurred and from what IP address, the firewall rule that was triggered, etcetera. We use a range of commercial rules which are regularly updated, but sometimes our admins add custom rules as well in order to efficiently protect the sites hosted on our machines.
ModSecurity in VPS Servers
ModSecurity is pre-installed on all VPS servers which are offered with the Hepsia hosting Control Panel, so your web applications shall be secured from the second your server is in a position. The firewall is turned on by default for any domain or subdomain on the Virtual Private Server, but if required, you can deactivate it with a click through the corresponding section of Hepsia. You could also set it to function in detection mode, so it will keep a comprehensive log of any potential attacks without taking any action to stop them. The logs are available within the very same section and provide details about the nature of the attack, what IP address it came from and what ModSecurity rule was triggered to stop it. For best security, we use not simply commercial rules from a firm working in the field of web security, but also custom ones our administrators include manually in order to react to new risks that are still not addressed in the commercial rules.
ModSecurity in Dedicated Servers
ModSecurity is available as standard with all dedicated servers which are set up with the Hepsia Control Panel and is set to “Active” automatically for any domain which you host or subdomain which you create on the server. In case that a web app does not operate properly, you could either turn off the firewall or set it to operate in passive mode. The second means that ModSecurity will maintain a log of any possible attack that could take place, but will not take any action to stop it. The logs created in passive or active mode will provide you with additional details about the exact file that was attacked, the form of the attack and the IP address it came from, and so on. This data will enable you to choose what actions you can take to improve the security of your websites, for instance blocking IPs or carrying out script and plugin updates. The ModSecurity rules we employ are updated constantly with a commercial package from a third-party security company we work with, but occasionally our staff include their own rules also when they come across a new potential threat.