ModSecurity in Website Hosting
ModSecurity is available with each and every website hosting solution which we offer and it is turned on by default for every domain or subdomain that you include via your Hepsia CP. If it interferes with any of your programs or you would like to disable it for some reason, you shall be able to achieve that through the ModSecurity section of Hepsia with merely a click. You can also use a passive mode, so the firewall will discover possible attacks and keep a log, but will not take any action. You can see extensive logs in the exact same section, including the IP where the attack came from, exactly what the attacker attempted to do and at what time, what ModSecurity did, and so on. For maximum security of our clients we use a collection of commercial firewall rules combined with custom ones which are added by our system administrators.
ModSecurity in Semi-dedicated Servers
ModSecurity is a part of our semi-dedicated server solutions and if you decide to host your sites with our company, there won't be anything special you'll need to do given that the firewall is switched on by default for all domains and subdomains you add via your hosting CP. If required, you'll be able to disable ModSecurity for a given website or turn on the so-called detection mode in which case the firewall will still function and record info, but will not do anything to prevent possible attacks on your Internet sites. Detailed logs shall be readily available inside your Control Panel and you'll be able to see what sort of attacks happened, what security rules were triggered and how the firewall dealt with the threats, what Internet protocol addresses the attacks came from, and so forth. We employ 2 types of rules on our servers - commercial ones from a company that operates in the field of web security, and custom ones that our administrators often add to respond to newly discovered threats promptly.
ModSecurity in VPS Servers
Protection is very important to us, so we install ModSecurity on all VPS servers which are made available with the Hepsia Control Panel as a standard. The firewall can be managed via a dedicated section within Hepsia and is activated automatically when you add a new domain or create a subdomain, so you will not need to do anything by hand. You'll also be able to deactivate it or switch on the so-called detection mode, so it shall maintain a log of possible attacks that you can later analyze, but shall not prevent them. The logs in both passive and active modes contain details about the kind of the attack and how it was prevented, what IP address it originated from and other useful data that might help you to tighten the security of your Internet sites by updating them or blocking IPs, for instance. In addition to the commercial rules that we get for ModSecurity from a third-party security enterprise, we also use our own rules since from time to time we detect specific attacks that aren't yet present inside the commercial group. This way, we could improve the protection of your Virtual private server immediately rather than awaiting a certified update.
ModSecurity in Dedicated Servers
If you decide to host your websites on a dedicated server with the Hepsia Control Panel, your web applications shall be protected straight away because ModSecurity is available with all Hepsia-based solutions. You shall be able to manage the firewall effortlessly and if necessary, you will be able to turn it off or switch on its passive mode when it will only maintain a log of what is taking place without taking any action to stop potential attacks. The logs that you can find in the very same section of the Control Panel are quite detailed and feature data about the attacker IP, what website and file were attacked and in what way, what rule the firewall used to prevent the intrusion, and so on. This information will permit you to take measures and enhance the protection of your sites even more. To be on the safe side, we use not only commercial rules, but also custom-made ones which our administrators add when they recognize attacks that haven't yet been included in the commercial pack.