ModSecurity in Cloud Website Hosting
ModSecurity comes by default with all cloud website hosting plans which we supply and it will be activated automatically for any domain or subdomain which you add/create inside your Hepsia hosting CP. The firewall has 3 different modes, so you can activate and disable it with only a click or set it to detection mode, so it shall keep a log of all attacks, but it will not do anything to prevent them. The log for each of your websites shall include elaborate information including the nature of the attack, where it originated from, what action was taken by ModSecurity, etcetera. The firewall rules which we use are regularly updated and consist of both commercial ones that we get from a third-party security business and custom ones which our system admins include in the event that they detect a new sort of attacks. In this way, the websites that you host here will be far more protected with no action required on your end.
ModSecurity in Semi-dedicated Servers
All semi-dedicated server plans which we offer feature ModSecurity and since the firewall is turned on by default, any Internet site that you build under a domain or a subdomain will be secured right from the start. An independent section in the Hepsia CP which comes with the semi-dedicated accounts is devoted to ModSecurity and it will enable you to stop and start the firewall for any site or enable a detection mode. With the last option, ModSecurity shall not take any action, but it'll still recognize possible attacks and will keep all information within a log as if it were fully active. The logs could be found inside the very same section of the CP and they offer specifics about the IP where an attack came from, what its nature was, what rule ModSecurity applies to recognize and stop it, and so on. The security rules we employ on our machines are a mix of commercial ones from a security business and custom ones made by our system administrators. As a result, we provide higher security for your web programs as we can protect them from attacks before security corporations release updates for brand new threats.
ModSecurity in VPS Servers
ModSecurity is pre-installed on all VPS servers which are set up with the Hepsia hosting CP, so your web apps will be protected from the instant your server is ready. The firewall is turned on by default for any domain or subdomain on the VPS, but if needed, you can deactivate it with a click via the corresponding section of Hepsia. You may also set it to operate in detection mode, so it shall keep a detailed log of any possible attacks without taking any action to prevent them. The logs are available in the same section and provide info about the nature of the attack, what IP address it originated from and what ModSecurity rule was initiated to stop it. For best security, we use not simply commercial rules from a company working in the field of web security, but also custom ones our administrators add manually in order to react to new risks that are still not addressed in the commercial rules.
ModSecurity in Dedicated Servers
ModSecurity is offered as standard with all dedicated servers that are set up with the Hepsia Control Panel and is set to “Active” automatically for any domain that you host or subdomain you create on the hosting server. Just in case that a web app does not work properly, you could either disable the firewall or set it to function in passive mode. The latter means that ModSecurity will maintain a log of any possible attack that may happen, but won't take any action to stop it. The logs generated in passive or active mode will provide you with additional details about the exact file that was attacked, the type of the attack and the IP address it came from, and so on. This information will allow you to choose what actions you can take to enhance the safety of your Internet sites, including blocking IPs or carrying out script and plugin updates. The ModSecurity rules which we use are updated constantly with a commercial pack from a third-party security company we work with, but sometimes our administrators add their own rules as well if they come across a new potential threat.