ModSecurity in Website Hosting
ModSecurity comes standard with all website hosting solutions which we offer and it shall be activated automatically for any domain or subdomain that you add/create within your Hepsia hosting Control Panel. The firewall has 3 different modes, so you could switch on and deactivate it with only a click or set it to detection mode, so it will maintain a log of all attacks, but it will not do anything to prevent them. The log for any of your Internet sites shall feature detailed information such as the nature of the attack, where it originated from, what action was taken by ModSecurity, and so forth. The firewall rules which we use are frequently updated and include both commercial ones which we get from a third-party security firm and custom ones that our system administrators add in case that they detect a new kind of attacks. This way, the websites that you host here shall be much more protected without any action needed on your end.
ModSecurity in Semi-dedicated Servers
All semi-dedicated server plans which we offer come with ModSecurity and given that the firewall is enabled by default, any Internet site that you create under a domain or a subdomain will be protected right away. An individual section in the Hepsia Control Panel which comes with the semi-dedicated accounts is dedicated to ModSecurity and it will enable you to stop and start the firewall for any Internet site or switch on a detection mode. With the last mentioned, ModSecurity won't take any action, but it shall still recognize possible attacks and will keep all info inside a log as if it were fully active. The logs can be found in the very same section of the CP and they feature info about the IP where an attack originated from, what its nature was, what rule ModSecurity applies to identify and stop it, and so on. The security rules we employ on our servers are a mix between commercial ones from a security business and custom ones created by our system administrators. Consequently, we provide increased security for your web programs as we can protect them from attacks before security businesses release updates for brand new threats.
ModSecurity in VPS Servers
ModSecurity is pre-installed on all VPS servers which are offered with the Hepsia hosting Control Panel, so your web applications shall be protected from the moment your server is in a position. The firewall is activated by default for any domain or subdomain on the VPS, but if necessary, you'll be able to deactivate it with a click of your mouse via the corresponding section of Hepsia. You could also set it to operate in detection mode, so it shall keep a detailed log of any possible attacks without taking any action to stop them. The logs are available inside the same section and offer information about the nature of the attack, what IP address it came from and what ModSecurity rule was activated to stop it. For best security, we use not simply commercial rules from a firm operating in the field of web security, but also custom ones which our admins add manually so as to respond to new risks that are still not addressed in the commercial rules.
ModSecurity in Dedicated Servers
ModSecurity is offered by default with all dedicated servers which are set up with the Hepsia CP and is set to “Active” automatically for any domain that you host or subdomain that you create on the hosting server. Just in case that a web app does not function adequately, you may either disable the firewall or set it to operate in passive mode. The second means that ModSecurity shall maintain a log of any potential attack which might occur, but shall not take any action to prevent it. The logs created in passive or active mode will give you more details about the exact file that was attacked, the type of the attack and the IP address it originated from, etc. This data will allow you to determine what measures you can take to boost the protection of your websites, for instance blocking IPs or carrying out script and plugin updates. The ModSecurity rules that we employ are updated frequently with a commercial package from a third-party security enterprise we work with, but occasionally our staff include their own rules too in the event that they identify a new potential threat.