ModSecurity in Cloud Website Hosting
ModSecurity is provided with all cloud website hosting servers, so when you choose to host your sites with our organization, they'll be protected against a wide range of attacks. The firewall is enabled by default for all domains and subdomains, so there will be nothing you will need to do on your end. You will be able to stop ModSecurity for any website if needed, or to switch on a detection mode, so all activity will be recorded, but the firewall shall not take any real action. You shall be able to view detailed logs from your Hepsia CP including the IP where the attack originated from, what the attacker wanted to do and how ModSecurity handled the threat. As we take the protection of our customers' sites very seriously, we use a collection of commercial rules which we take from one of the top companies which maintain such rules. Our admins also add custom rules to make certain that your Internet sites will be resistant to as many risks as possible.
ModSecurity in Semi-dedicated Servers
We've included ModSecurity as a standard inside all semi-dedicated server packages, so your web applications will be protected the instant you set them up under any domain or subdomain. The Hepsia CP that is included with the semi-dedicated accounts shall allow you to enable or turn off the firewall for any Internet site with a mouse click. You will also have the ability to switch on a passive detection mode through which ModSecurity shall keep a log of possible attacks without actually stopping them. The comprehensive logs include the nature of the attack and what ModSecurity response this attack triggered, where it originated from, and so on. The list of rules we employ is regularly updated in order to match any new threats that could appear on the Internet and it includes both commercial rules that we get from a security firm and custom-written ones that our administrators include in the event that they discover a threat that's not present inside the commercial list yet.
ModSecurity in Dedicated Servers
ModSecurity is provided by default with all dedicated servers which are set up with the Hepsia CP and is set to “Active” automatically for any domain which you host or subdomain which you create on the server. Just in case that a web application doesn't operate properly, you can either switch off the firewall or set it to function in passive mode. The latter means that ModSecurity will maintain a log of any possible attack which could happen, but will not take any action to prevent it. The logs created in passive or active mode will offer you additional details about the exact file which was attacked, the type of the attack and the IP it originated from, etc. This data will allow you to determine what steps you can take to improve the safety of your websites, such as blocking IPs or performing script and plugin updates. The ModSecurity rules we use are updated regularly with a commercial bundle from a third-party security company we work with, but occasionally our administrators add their own rules too in case they discover a new potential threat.