ModSecurity

: Hosting Terminology; Disk Space; Hepsia Control Panel; Hosted Domains; InnoDB; Integrated Ticketing System; Email Accounts; Memcached; Node.js; Subdomains; Customer Support; Bandwidth; Varnish; VPN Traffic; Assisted Website Migration; Weekly Backup; Order Now

ModSecurity is an efficient firewall for Apache web servers that is used to stop attacks towards web applications. It monitors the HTTP traffic to a given website in real time and blocks any intrusion attempts as soon as it identifies them. The firewall uses a set of rules to accomplish that - for example, attempting to log in to a script administration area without success a few times sets off one rule, sending a request to execute a specific file that may result in getting access to the site triggers a different rule, and so forth. ModSecurity is one of the best firewalls available on the market and it will protect even scripts which are not updated regularly as it can prevent attackers from employing known exploits and security holes. Incredibly detailed data about every intrusion attempt is recorded and the logs the firewall keeps are considerably more detailed than the standard logs created by the Apache server, so you can later examine them and decide whether you need to take additional measures so as to increase the protection of your script-driven sites.

ModSecurity in Cloud Website Hosting

We offer ModSecurity with all cloud website hosting solutions, so your web apps shall be protected against malicious attacks. The firewall is activated as standard for all domains and subdomains, but if you'd like, you'll be able to stop it using the respective area of your Hepsia Control Panel. You'll be able to also activate a detection mode, so ModSecurity will keep a log as intended, but won't take any action. The logs which you'll find within Hepsia are very detailed and feature information about the nature of any attack, when it transpired and from what IP address, the firewall rule that was triggered, and so on. We employ a group of commercial rules that are constantly updated, but sometimes our admins include custom rules as well in order to efficiently protect the sites hosted on our servers.

ModSecurity in Semi-dedicated Servers

We have integrated ModSecurity by default in all semi-dedicated server plans, so your web applications will be protected whenever you set them up under any domain or subdomain. The Hepsia CP that is included with the semi-dedicated accounts shall allow you to switch on or disable the firewall for any site with a mouse click. You'll also be able to turn on a passive detection mode through which ModSecurity will keep a log of possible attacks without really stopping them. The detailed logs include the nature of the attack and what ModSecurity response this attack caused, where it originated from, and so on. The list of rules we use is constantly updated as to match any new threats which may appear on the Internet and it includes both commercial rules that we get from a security firm and custom-written ones which our administrators include in the event that they find a threat that's not present in the commercial list yet.

ModSecurity in VPS Servers

Safety is very important to us, so we install ModSecurity on all VPS servers which are provided with the Hepsia Control Panel by default. The firewall could be managed through a dedicated section in Hepsia and is switched on automatically when you add a new domain or create a subdomain, so you'll not need to do anything manually. You will also be able to disable it or turn on the so-called detection mode, so it will maintain a log of possible attacks that you can later analyze, but shall not block them. The logs in both passive and active modes offer information about the form of the attack and how it was eliminated, what IP it came from and other valuable information which might help you to tighten the security of your sites by updating them or blocking IPs, as an example. On top of the commercial rules which we get for ModSecurity from a third-party security company, we also employ our own rules as every now and then we detect specific attacks that are not yet present in the commercial group. This way, we can easily enhance the security of your Virtual private server promptly as opposed to waiting for a certified update.

ModSecurity in Dedicated Servers

ModSecurity is provided with all dedicated servers that are integrated with our Hepsia Control Panel and you won't have to do anything specific on your end to use it as it is switched on by default whenever you include a new domain or subdomain on your server. In case it interferes with some of your apps, you shall be able to stop it via the respective area of Hepsia, or you may leave it in passive mode, so it will recognize attacks and will still keep a log for them, but shall not stop them. You can examine the logs later to learn what you can do to improve the security of your sites since you will find info such as where an intrusion attempt came from, what Internet site was attacked and based on what rule ModSecurity responded, etc. The rules which we employ are commercial, therefore they're regularly updated by a security firm, but to be on the safe side, our staff also include custom rules once in a while as to react to any new threats they have found.