ModSecurity in Cloud Web Hosting
ModSecurity comes standard with all cloud web hosting plans which we provide and it will be switched on automatically for any domain or subdomain which you add/create within your Hepsia hosting CP. The firewall has three different modes, so you'll be able to switch on and disable it with a mouse click or set it to detection mode, so it shall maintain a log of all attacks, but it will not do anything to prevent them. The log for any of your sites will feature comprehensive information including the nature of the attack, where it came from, what action was taken by ModSecurity, etc. The firewall rules which we use are frequently updated and comprise of both commercial ones that we get from a third-party security firm and custom ones which our system admins add in the event that they detect a new type of attacks. This way, the sites that you host here shall be way more secure without any action expected on your end.
ModSecurity in Semi-dedicated Servers
All semi-dedicated server solutions which we offer include ModSecurity and given that the firewall is turned on by default, any Internet site you build under a domain or a subdomain will be secured right away. An independent section within the Hepsia CP which comes with the semi-dedicated accounts is devoted to ModSecurity and it'll allow you to start and stop the firewall for any Internet site or enable a detection mode. With the last option, ModSecurity will not take any action, but it will still recognize possible attacks and will keep all info inside a log as if it were 100% active. The logs can be found in the exact same section of the CP and they feature details about the IP where an attack came from, what its nature was, what rule ModSecurity applies to recognize and stop it, etc. The security rules that we use on our machines are a mix between commercial ones from a security business and custom ones developed by our system admins. Consequently, we provide increased security for your web apps as we can shield them from attacks before security businesses release updates for completely new threats.
ModSecurity in VPS Servers
ModSecurity is provided with all Hepsia-based VPS servers which we offer and it will be turned on automatically for every new domain or subdomain which you add on the hosting server. This way, any web app that you install shall be secured right from the start without doing anything by hand on your end. The firewall could be managed through the section of the CP that has the same name. This is the area in whichyou can disable ModSecurity or activate its passive mode, so it won't take any action against threats, but shall still maintain a thorough log. The recorded info is available in the same area as well and you will be able to see what IPs any attacks came from so that you can block them, what the nature of the attempted attacks was and based on what security rules ModSecurity responded. The rules we employ on our servers are a blend between commercial ones we get from a security company and custom ones which are included by our admins to maximize the protection of any web applications hosted on our end.
ModSecurity in Dedicated Servers
ModSecurity is provided by default with all dedicated servers which are set up with the Hepsia CP and is set to “Active” automatically for any domain you host or subdomain which you create on the web server. In the event that a web application does not operate properly, you can either disable the firewall or set it to work in passive mode. The second means that ModSecurity will keep a log of any possible attack that may occur, but won't take any action to stop it. The logs produced in passive or active mode will give you additional details about the exact file that was attacked, the form of the attack and the IP it came from, etc. This info shall allow you to decide what actions you can take to boost the protection of your Internet sites, for instance blocking IPs or performing script and plugin updates. The ModSecurity rules which we use are updated constantly with a commercial bundle from a third-party security enterprise we work with, but from time to time our staff include their own rules also in the event that they discover a new potential threat.