ModSecurity in Web Hosting
ModSecurity is available with each and every web hosting package that we offer and it is turned on by default for any domain or subdomain which you add through your Hepsia CP. In case it interferes with any of your applications or you would like to disable it for whatever reason, you will be able to achieve that through the ModSecurity section of Hepsia with simply a click. You could also use a passive mode, so the firewall will identify possible attacks and maintain a log, but won't take any action. You'll be able to view detailed logs in the same section, including the IP where the attack came from, what precisely the attacker attempted to do and at what time, what ModSecurity did, etc. For max safety of our clients we use a set of commercial firewall rules combined with custom ones that are added by our system administrators.
ModSecurity in Semi-dedicated Servers
We've incorporated ModSecurity as a standard in all semi-dedicated server packages, so your web apps will be protected as soon as you set them up under any domain or subdomain. The Hepsia CP that is included with the semi-dedicated accounts will permit you to switch on or turn off the firewall for any Internet site with a mouse click. You will also have the ability to turn on a passive detection mode in which ModSecurity shall maintain a log of possible attacks without actually stopping them. The detailed logs contain the nature of the attack and what ModSecurity response that attack activated, where it originated from, etcetera. The list of rules that we use is regularly updated as to match any new threats that may appear on the Internet and it comes with both commercial rules that we get from a security firm and custom-written ones that our admins add in the event that they find a threat which is not present in the commercial list yet.
ModSecurity in Dedicated Servers
ModSecurity is included with all dedicated servers which are integrated with our Hepsia Control Panel and you won't have to do anything specific on your end to employ it since it's enabled by default every time you include a new domain or subdomain on your server. If it disrupts any of your programs, you will be able to stop it through the respective part of Hepsia, or you can leave it operating in passive mode, so it'll identify attacks and shall still keep a log for them, but shall not prevent them. You'll be able to analyze the logs later to find out what you can do to boost the security of your websites since you'll find details such as where an intrusion attempt came from, what site was attacked and based on what rule ModSecurity responded, etc. The rules we employ are commercial, hence they are constantly updated by a security company, but to be on the safe side, our staff also add custom rules occasionally in order to respond to any new threats they have identified.