ModSecurity in Shared Hosting
We provide ModSecurity with all shared hosting packages, so your web apps will be protected against destructive attacks. The firewall is switched on as standard for all domains and subdomains, but in case you'd like, you will be able to stop it via the respective section of your Hepsia CP. You'll be able to also switch on a detection mode, so ModSecurity will keep a log as intended, but won't take any action. The logs that you will find in Hepsia are very detailed and feature information about the nature of any attack, when it happened and from what IP, the firewall rule which was triggered, and so forth. We use a set of commercial rules which are often updated, but sometimes our admins include custom rules as well so as to better protect the sites hosted on our servers.
ModSecurity in Semi-dedicated Hosting
Any web program you install inside your new semi-dedicated hosting account shall be protected by ModSecurity because the firewall comes with all our hosting packages and is turned on by default for any domain and subdomain you add or create through your Hepsia hosting CP. You'll be able to manage ModSecurity via a dedicated section inside Hepsia where not only can you activate or deactivate it fully, but you may also enable a passive mode, so the firewall shall not stop anything, but it'll still maintain an archive of possible attacks. This normally requires just a click and you shall be able to see the logs regardless if ModSecurity is in active or passive mode through the same section - what the attack was and where it came from, how it was addressed, etc. The firewall employs two groups of rules on our web servers - a commercial one that we get from a third-party web security provider and a custom one that our administrators update personally in order to respond to recently discovered threats at the earliest opportunity.
ModSecurity in VPS
Security is of the utmost importance to us, so we install ModSecurity on all virtual private servers that are provided with the Hepsia CP as a standard. The firewall can be managed through a dedicated section in Hepsia and is turned on automatically when you add a new domain or create a subdomain, so you won't need to do anything personally. You'll also be able to disable it or activate the so-called detection mode, so it will maintain a log of potential attacks you can later study, but will not block them. The logs in both passive and active modes contain information about the kind of the attack and how it was stopped, what IP address it came from and other important info which may help you to tighten the security of your Internet sites by updating them or blocking IPs, for instance. In addition to the commercial rules we get for ModSecurity from a third-party security firm, we also implement our own rules as from time to time we discover specific attacks that aren't yet present inside the commercial group. This way, we could increase the security of your VPS right away as opposed to awaiting a certified update.
ModSecurity in Dedicated Hosting
ModSecurity is available as standard with all dedicated servers that are set up with the Hepsia Control Panel and is set to “Active” automatically for any domain which you host or subdomain which you create on the server. Just in case that a web app does not work properly, you can either switch off the firewall or set it to operate in passive mode. The latter means that ModSecurity will keep a log of any potential attack which might occur, but won't take any action to prevent it. The logs generated in passive or active mode shall provide you with additional details about the exact file that was attacked, the form of the attack and the IP address it originated from, and so on. This information will allow you to choose what measures you can take to enhance the safety of your Internet sites, for instance blocking IPs or carrying out script and plugin updates. The ModSecurity rules we use are updated often with a commercial pack from a third-party security enterprise we work with, but sometimes our administrators add their own rules also in case they identify a new potential threat.