ModSecurity in Shared Web Hosting
We offer ModSecurity with all shared web hosting packages, so your web apps shall be protected against harmful attacks. The firewall is turned on as standard for all domains and subdomains, but if you would like, you will be able to stop it via the respective area of your Hepsia CP. You can also activate a detection mode, so ModSecurity shall keep a log as intended, but shall not take any action. The logs that you shall find within Hepsia are extremely detailed and include information about the nature of any attack, when it took place and from what IP, the firewall rule which was triggered, and so forth. We employ a set of commercial rules that are regularly updated, but sometimes our administrators include custom rules as well so as to better protect the Internet sites hosted on our servers.
ModSecurity in Semi-dedicated Servers
Any web program that you install within your new semi-dedicated server account will be protected by ModSecurity since the firewall is provided with all our hosting packages and is turned on by default for any domain and subdomain which you add or create using your Hepsia hosting CP. You will be able to manage ModSecurity through a dedicated section in Hepsia where not only could you activate or deactivate it completely, but you can also enable a passive mode, so the firewall will not stop anything, but it shall still keep an archive of possible attacks. This requires just a click and you shall be able to look at the logs regardless if ModSecurity is in active or passive mode through the same section - what the attack was and where it came from, how it was handled, and so forth. The firewall employs two groups of rules on our web servers - a commercial one which we get from a third-party web security provider and a custom one which our administrators update personally in order to respond to newly discovered threats as soon as possible.
ModSecurity in VPS Servers
ModSecurity comes with all Hepsia-based VPS servers which we offer and it'll be activated automatically for any new domain or subdomain which you include on the server. That way, any web app you install shall be secured right away without doing anything manually on your end. The firewall can be handled from the section of the CP which has the same name. This is the location whereyou'll be able to turn off ModSecurity or activate its passive mode, so it won't take any action towards threats, but will still keep a detailed log. The recorded data is available in the same section as well and you'll be able to see what IPs any attacks originated from to enable you to stop them, what the nature of the attempted attacks was and based upon what security rules ModSecurity reacted. The rules which we use on our servers are a blend between commercial ones which we get from a security firm and custom ones that are added by our administrators to enhance the security of any web apps hosted on our end.
ModSecurity in Dedicated Servers
ModSecurity is provided by default with all dedicated servers which are set up with the Hepsia Control Panel and is set to “Active” automatically for any domain which you host or subdomain you create on the server. In the event that a web application does not work adequately, you can either disable the firewall or set it to work in passive mode. The latter means that ModSecurity shall keep a log of any potential attack which might happen, but will not take any action to stop it. The logs produced in passive or active mode shall give you more details about the exact file which was attacked, the form of the attack and the IP address it came from, and so forth. This data shall permit you to decide what steps you can take to boost the protection of your sites, such as blocking IPs or carrying out script and plugin updates. The ModSecurity rules that we use are updated regularly with a commercial package from a third-party security company we work with, but sometimes our admins add their own rules also if they discover a new potential threat.