ModSecurity in Web Hosting
We provide ModSecurity with all web hosting packages, so your web applications will be resistant to malicious attacks. The firewall is activated by default for all domains and subdomains, but if you'd like, you'll be able to stop it using the respective area of your Hepsia Control Panel. You'll be able to also switch on a detection mode, so ModSecurity will keep a log as intended, but shall not take any action. The logs that you shall find in Hepsia are very detailed and feature data about the nature of any attack, when it happened and from what IP address, the firewall rule which was triggered, and so on. We employ a set of commercial rules which are often updated, but sometimes our admins add custom rules as well in order to efficiently protect the Internet sites hosted on our machines.
ModSecurity in Semi-dedicated Servers
We have incorporated ModSecurity by default inside all semi-dedicated server packages, so your web apps will be protected whenever you install them under any domain or subdomain. The Hepsia Control Panel that comes with the semi-dedicated accounts shall allow you to activate or disable the firewall for any website with a click. You shall also have the ability to activate a passive detection mode through which ModSecurity will keep a log of possible attacks without actually stopping them. The detailed logs include things like the nature of the attack and what ModSecurity response that attack triggered, where it came from, and so forth. The list of rules that we use is frequently updated in order to match any new threats which might appear on the Internet and it comes with both commercial rules that we get from a security corporation and custom-written ones which our admins include if they find a threat that's not present inside the commercial list yet.
ModSecurity in VPS Servers
ModSecurity comes with all Hepsia-based VPS servers which we offer and it'll be switched on automatically for every new domain or subdomain that you include on the web server. In this way, any web app that you install shall be secured immediately without doing anything manually on your end. The firewall could be managed via the section of the Control Panel that has the same name. This is the area whereyou could turn off ModSecurity or let its passive mode, so it shall not take any action against threats, but shall still maintain a comprehensive log. The recorded data is available inside the same area as well and you'll be able to see what IPs any attacks came from so that you block them, what the nature of the attempted attacks was and in accordance with what security rules ModSecurity responded. The rules we employ on our servers are a blend between commercial ones that we get from a security firm and custom ones which are added by our administrators to improve the security of any web applications hosted on our end.
ModSecurity in Dedicated Servers
ModSecurity is provided as standard with all dedicated servers which are set up with the Hepsia CP and is set to “Active” automatically for any domain which you host or subdomain you create on the server. In case that a web app doesn't work adequately, you can either turn off the firewall or set it to function in passive mode. The latter means that ModSecurity shall maintain a log of any possible attack which might take place, but won't take any action to stop it. The logs generated in passive or active mode shall offer you more details about the exact file which was attacked, the type of the attack and the IP address it came from, and so on. This info shall allow you to decide what measures you can take to increase the security of your websites, such as blocking IPs or performing script and plugin updates. The ModSecurity rules that we employ are updated often with a commercial bundle from a third-party security firm we work with, but from time to time our admins add their own rules also in case they find a new potential threat.