ModSecurity in Cloud Hosting
We offer ModSecurity with all cloud hosting solutions, so your web apps shall be shielded from destructive attacks. The firewall is turned on as standard for all domains and subdomains, but if you'd like, you shall be able to stop it through the respective area of your Hepsia Control Panel. You'll be able to also switch on a detection mode, so ModSecurity shall keep a log as intended, but will not take any action. The logs that you will discover inside Hepsia are very detailed and include info about the nature of any attack, when it transpired and from what IP, the firewall rule which was triggered, and so forth. We employ a range of commercial rules that are frequently updated, but sometimes our administrators add custom rules as well so as to better protect the Internet sites hosted on our machines.
ModSecurity in Semi-dedicated Servers
We've integrated ModSecurity as a standard in all semi-dedicated server plans, so your web apps will be protected whenever you install them under any domain or subdomain. The Hepsia CP that is included with the semi-dedicated accounts will permit you to switch on or turn off the firewall for any site with a click. You shall also have the ability to switch on a passive detection mode with which ModSecurity shall keep a log of potential attacks without really preventing them. The comprehensive logs include the nature of the attack and what ModSecurity response this attack initiated, where it originated from, etc. The list of rules that we employ is constantly updated as to match any new risks which might appear on the Internet and it includes both commercial rules that we get from a security corporation and custom-written ones that our administrators include in the event that they find a threat that's not present within the commercial list yet.
ModSecurity in VPS Servers
ModSecurity comes with all Hepsia-based VPS servers that we offer and it will be turned on automatically for every new domain or subdomain that you include on the machine. In this way, any web application which you install will be protected from the very beginning without doing anything manually on your end. The firewall could be managed from the section of the CP that has the same name. This is the place whereyou could disable ModSecurity or enable its passive mode, so it won't take any action toward threats, but shall still keep a detailed log. The recorded information is available inside the same section as well and you shall be able to see what IPs any attacks originated from so that you can stop them, what the nature of the attempted attacks was and based on what security rules ModSecurity responded. The rules which we employ on our servers are a mixture between commercial ones which we obtain from a security company and custom ones that are added by our administrators to enhance the protection of any web apps hosted on our end.
ModSecurity in Dedicated Servers
ModSecurity is available as standard with all dedicated servers that are set up with the Hepsia Control Panel and is set to “Active” automatically for any domain which you host or subdomain you create on the hosting server. In the event that a web application doesn't work adequately, you may either disable the firewall or set it to work in passive mode. The latter means that ModSecurity shall keep a log of any possible attack that might occur, but shall not take any action to prevent it. The logs generated in active or passive mode shall offer you additional details about the exact file which was attacked, the form of the attack and the IP address it originated from, and so on. This info shall allow you to determine what measures you can take to improve the safety of your sites, such as blocking IPs or carrying out script and plugin updates. The ModSecurity rules that we employ are updated often with a commercial bundle from a third-party security enterprise we work with, but occasionally our staff include their own rules as well in the event that they identify a new potential threat.