ModSecurity in Shared Hosting
We provide ModSecurity with all shared hosting solutions, so your web apps will be protected against harmful attacks. The firewall is activated by default for all domains and subdomains, but if you would like, you'll be able to stop it through the respective section of your Hepsia Control Panel. You could also activate a detection mode, so ModSecurity shall keep a log as intended, but will not take any action. The logs which you shall find in Hepsia are very detailed and include data about the nature of any attack, when it occurred and from what IP, the firewall rule which was triggered, etcetera. We employ a set of commercial rules that are regularly updated, but sometimes our admins include custom rules as well so as to better protect the Internet sites hosted on our machines.
ModSecurity in Semi-dedicated Servers
ModSecurity is a part of our semi-dedicated server plans and if you choose to host your Internet sites with us, there shall not be anything special you'll have to do as the firewall is turned on by default for all domains and subdomains you include via your hosting CP. If required, you'll be able to disable ModSecurity for a given Internet site or enable the so-called detection mode in which case the firewall will still function and record information, but shall not do anything to prevent possible attacks against your websites. Thorough logs shall be accessible in your Control Panel and you will be able to see what sort of attacks occurred, what security rules were triggered and how the firewall addressed the threats, what Internet protocol addresses the attacks originated from, and so on. We use 2 kinds of rules on our servers - commercial ones from a firm that operates in the field of web security, and custom made ones that our administrators sometimes add to respond to newly identified risks on time.
ModSecurity in VPS Servers
Protection is essential to us, so we install ModSecurity on all VPS servers which are provided with the Hepsia CP by default. The firewall can be managed through a dedicated section inside Hepsia and is switched on automatically when you include a new domain or create a subdomain, so you'll not need to do anything manually. You will also be able to deactivate it or activate the so-called detection mode, so it shall keep a log of possible attacks which you can later analyze, but will not block them. The logs in both passive and active modes offer information about the form of the attack and how it was stopped, what IP address it originated from and other valuable info that could help you to tighten the security of your websites by updating them or blocking IPs, for example. Beyond the commercial rules that we get for ModSecurity from a third-party security company, we also implement our own rules because every now and then we find specific attacks which are not yet present inside the commercial pack. This way, we could improve the protection of your VPS right away rather than waiting for an official update.
ModSecurity in Dedicated Servers
ModSecurity is provided with all dedicated servers which are integrated with our Hepsia Control Panel and you'll not need to do anything specific on your end to use it because it is switched on by default whenever you add a new domain or subdomain on your web server. In the event that it interferes with any of your applications, you will be able to stop it through the respective area of Hepsia, or you could leave it working in passive mode, so it'll identify attacks and shall still keep a log for them, but won't prevent them. You'll be able to analyze the logs later to find out what you can do to boost the protection of your Internet sites since you will find details such as where an intrusion attempt originated from, what site was attacked and based upon what rule ModSecurity reacted, etcetera. The rules that we employ are commercial, thus they're frequently updated by a security firm, but to be on the safe side, our staff also include custom rules occasionally as to deal with any new threats they have found.