ModSecurity in Web Hosting
ModSecurity is offered with every single web hosting solution which we provide and it is activated by default for any domain or subdomain which you include via your Hepsia CP. In case it interferes with any of your apps or you would like to disable it for some reason, you'll be able to do that through the ModSecurity area of Hepsia with merely a click. You can also use a passive mode, so the firewall will identify possible attacks and maintain a log, but shall not take any action. You can view detailed logs in the very same section, including the IP where the attack came from, exactly what the attacker attempted to do and at what time, what ModSecurity did, etcetera. For max protection of our customers we use a set of commercial firewall rules blended with custom ones which are provided by our system admins.
ModSecurity in Semi-dedicated Hosting
Any web program you install within your new semi-dedicated hosting account shall be protected by ModSecurity as the firewall comes with all our hosting solutions and is activated by default for any domain and subdomain that you add or create via your Hepsia hosting CP. You will be able to manage ModSecurity through a dedicated area inside Hepsia where not simply can you activate or deactivate it completely, but you may also enable a passive mode, so the firewall shall not block anything, but it shall still maintain an archive of potential attacks. This normally requires only a mouse click and you will be able to see the logs no matter if ModSecurity is in passive or active mode through the same section - what the attack was and where it originated from, how it was taken care of, etcetera. The firewall uses 2 sets of rules on our machines - a commercial one which we get from a third-party web security firm and a custom one which our administrators update personally as to respond to newly discovered risks as soon as possible.
ModSecurity in VPS Web Hosting
Protection is essential to us, so we install ModSecurity on all virtual private servers which are made available with the Hepsia CP by default. The firewall could be managed through a dedicated section in Hepsia and is activated automatically when you include a new domain or generate a subdomain, so you won't have to do anything manually. You will also be able to disable it or activate the so-called detection mode, so it will maintain a log of potential attacks that you can later study, but shall not block them. The logs in both passive and active modes include details about the kind of the attack and how it was eliminated, what IP address it came from and other useful info which may help you to tighten the security of your websites by updating them or blocking IPs, as an example. Besides the commercial rules which we get for ModSecurity from a third-party security company, we also employ our own rules as from time to time we find specific attacks that aren't yet present inside the commercial group. This way, we could increase the protection of your Virtual private server right away rather than waiting for an official update.
ModSecurity in Dedicated Servers Hosting
ModSecurity is offered by default with all dedicated servers that are set up with the Hepsia CP and is set to “Active” automatically for any domain you host or subdomain you create on the hosting server. In the event that a web app doesn't operate correctly, you could either switch off the firewall or set it to function in passive mode. The latter means that ModSecurity will keep a log of any potential attack that could occur, but won't take any action to prevent it. The logs generated in passive or active mode will offer you more details about the exact file which was attacked, the nature of the attack and the IP address it came from, etcetera. This data shall enable you to determine what actions you can take to enhance the safety of your Internet sites, such as blocking IPs or performing script and plugin updates. The ModSecurity rules we employ are updated often with a commercial package from a third-party security firm we work with, but occasionally our admins include their own rules also when they come across a new potential threat.