ModSecurity in Shared Website Hosting
We provide ModSecurity with all shared website hosting solutions, so your web apps will be protected against malicious attacks. The firewall is switched on by default for all domains and subdomains, but in case you'd like, you shall be able to stop it using the respective part of your Hepsia CP. You can also activate a detection mode, so ModSecurity shall keep a log as intended, but will not take any action. The logs that you will find inside Hepsia are incredibly detailed and feature data about the nature of any attack, when it happened and from what IP, the firewall rule which was triggered, and so forth. We use a group of commercial rules which are regularly updated, but sometimes our administrators add custom rules as well in order to efficiently protect the sites hosted on our machines.
ModSecurity in VPS
ModSecurity is provided with all Hepsia-based virtual private servers that we offer and it'll be turned on automatically for any new domain or subdomain which you include on the web server. That way, any web application which you install shall be secured immediately without doing anything personally on your end. The firewall may be managed from the section of the Control Panel that has the same name. This is the place in whichyou can turn off ModSecurity or enable its passive mode, so it will not take any action toward threats, but will still keep a thorough log. The recorded information is available inside the same area as well and you will be able to see what IPs any attacks came from so that you block them, what the nature of the attempted attacks was and based on what security rules ModSecurity reacted. The rules that we employ on our servers are a combination between commercial ones that we get from a security company and custom ones which are added by our admins to improve the security of any web apps hosted on our end.
ModSecurity in Dedicated Hosting
ModSecurity is included with all dedicated servers which are set up with our Hepsia CP and you will not need to do anything specific on your end to use it as it is turned on by default each time you include a new domain or subdomain on your web server. In the event that it disrupts some of your programs, you shall be able to stop it via the respective area of Hepsia, or you may leave it working in passive mode, so it shall identify attacks and shall still keep a log for them, but won't stop them. You can examine the logs later to learn what you can do to increase the safety of your websites as you'll find info such as where an intrusion attempt originated from, what website was attacked and based on what rule ModSecurity responded, and so on. The rules which we use are commercial, thus they're regularly updated by a security firm, but to be on the safe side, our administrators also include custom rules once in a while as to respond to any new threats they have discovered.