ModSecurity in Cloud Web Hosting
ModSecurity is available on all cloud web hosting machines, so if you decide to host your sites with our company, they shall be shielded from an array of attacks. The firewall is enabled as standard for all domains and subdomains, so there will be nothing you shall need to do on your end. You'll be able to stop ModSecurity for any Internet site if required, or to activate a detection mode, so that all activity will be recorded, but the firewall won't take any real action. You will be able to view comprehensive logs from your Hepsia CP including the IP where the attack came from, what the attacker wished to do and how ModSecurity dealt with the threat. As we take the safety of our clients' Internet sites very seriously, we employ a collection of commercial rules that we take from one of the leading companies which maintain this kind of rules. Our admins also add custom rules to ensure that your websites will be protected against as many threats as possible.
ModSecurity in Semi-dedicated Hosting
Any web application which you set up inside your new semi-dedicated hosting account will be protected by ModSecurity because the firewall is included with all our hosting solutions and is turned on by default for any domain and subdomain that you include or create using your Hepsia hosting CP. You shall be able to manage ModSecurity via a dedicated section within Hepsia where not simply could you activate or deactivate it completely, but you could also activate a passive mode, so the firewall shall not block anything, but it will still maintain a record of potential attacks. This requires just a click and you'll be able to see the logs regardless if ModSecurity is in passive or active mode through the same section - what the attack was and where it came from, how it was dealt with, and so on. The firewall uses 2 groups of rules on our web servers - a commercial one which we get from a third-party web security firm and a custom one which our admins update manually as to respond to newly discovered risks as fast as possible.
ModSecurity in VPS
Safety is vital to us, so we set up ModSecurity on all virtual private servers which are made available with the Hepsia Control Panel by default. The firewall could be managed through a dedicated section inside Hepsia and is activated automatically when you add a new domain or create a subdomain, so you won't need to do anything by hand. You will also be able to disable it or switch on the so-called detection mode, so it shall keep a log of potential attacks you can later examine, but shall not stop them. The logs in both passive and active modes offer info regarding the type of the attack and how it was eliminated, what IP address it originated from and other valuable info which may help you to tighten the security of your websites by updating them or blocking IPs, for example. Besides the commercial rules that we get for ModSecurity from a third-party security enterprise, we also implement our own rules because from time to time we identify specific attacks which aren't yet present inside the commercial package. That way, we could increase the protection of your VPS instantly rather than awaiting an official update.
ModSecurity in Dedicated Hosting
ModSecurity is offered by default with all dedicated servers which are set up with the Hepsia CP and is set to “Active” automatically for any domain which you host or subdomain that you create on the web server. Just in case that a web app does not operate adequately, you could either turn off the firewall or set it to work in passive mode. The latter means that ModSecurity shall keep a log of any possible attack that may take place, but will not take any action to prevent it. The logs produced in passive or active mode shall give you additional details about the exact file which was attacked, the type of the attack and the IP address it originated from, and so forth. This information shall permit you to determine what measures you can take to improve the safety of your Internet sites, for instance blocking IPs or performing script and plugin updates. The ModSecurity rules which we employ are updated often with a commercial package from a third-party security enterprise we work with, but sometimes our administrators add their own rules too in case they discover a new potential threat.