ModSecurity in Shared Hosting
ModSecurity comes by default with all shared hosting plans that we provide and it shall be switched on automatically for any domain or subdomain that you add/create within your Hepsia hosting CP. The firewall has 3 different modes, so you can activate and disable it with just a mouse click or set it to detection mode, so it'll maintain a log of all attacks, but it'll not do anything to prevent them. The log for any of your websites shall feature detailed information including the nature of the attack, where it originated from, what action was taken by ModSecurity, etc. The firewall rules which we use are frequently updated and comprise of both commercial ones which we get from a third-party security company and custom ones that our system admins include in case that they detect a new type of attacks. In this way, the sites that you host here shall be much more secure without any action needed on your end.
ModSecurity in Semi-dedicated Hosting
Any web application that you install within your new semi-dedicated hosting account shall be protected by ModSecurity as the firewall comes with all our hosting plans and is switched on by default for any domain and subdomain which you add or create using your Hepsia hosting Control Panel. You shall be able to manage ModSecurity through a dedicated area in Hepsia where not simply could you activate or deactivate it completely, but you can also activate a passive mode, so the firewall shall not stop anything, but it will still maintain an archive of possible attacks. This requires just a mouse click and you shall be able to see the logs regardless of if ModSecurity is in active or passive mode through the same section - what the attack was and where it originated from, how it was addressed, and so on. The firewall employs 2 groups of rules on our web servers - a commercial one which we get from a third-party web security company and a custom one which our administrators update personally as to respond to newly discovered risks at the earliest opportunity.
ModSecurity in VPS
Protection is extremely important to us, so we set up ModSecurity on all virtual private servers that are provided with the Hepsia CP by default. The firewall can be managed via a dedicated section inside Hepsia and is switched on automatically when you include a new domain or create a subdomain, so you won't have to do anything personally. You'll also be able to deactivate it or switch on the so-called detection mode, so it'll maintain a log of possible attacks you can later study, but won't stop them. The logs in both passive and active modes offer info regarding the type of the attack and how it was stopped, what IP address it originated from and other important data that may help you to tighten the security of your Internet sites by updating them or blocking IPs, for instance. In addition to the commercial rules which we get for ModSecurity from a third-party security company, we also implement our own rules as occasionally we find specific attacks which aren't yet present inside the commercial group. That way, we can improve the protection of your VPS right away as opposed to awaiting a certified update.
ModSecurity in Dedicated Hosting
When you opt to host your sites on a dedicated server with the Hepsia Control Panel, your web applications will be secured right away since ModSecurity is provided with all Hepsia-based plans. You will be able to control the firewall without difficulty and if necessary, you will be able to turn it off or switch on its passive mode when it shall only keep a log of what is taking place without taking any action to stop possible attacks. The logs which you will find within the same section of the CP are very detailed and contain data about the attacker IP address, what site and file were attacked and in what way, what rule the firewall used to prevent the intrusion, and so forth. This data shall allow you to take measures and boost the protection of your sites even more. To be on the safe side, we use not only commercial rules, but also custom-made ones which our admins include when they identify attacks that haven't yet been included in the commercial pack.