ModSecurity

: Glossary; Disk Space; Hepsia Control Panel; Domains Hosted; InnoDB; Integrated Ticketing System; Email Accounts; Memcached; Node.js; Subdomains; Customer Support; Data Traffic; Varnish; VPN Traffic; Assisted Website Migration; Weekly Backup; Get Started

ModSecurity is a highly effective firewall for Apache web servers that is used to stop attacks against web applications. It keeps track of the HTTP traffic to a particular site in real time and stops any intrusion attempts as soon as it identifies them. The firewall uses a set of rules to accomplish that - as an example, attempting to log in to a script administrator area unsuccessfully many times sets off one rule, sending a request to execute a certain file which could result in getting access to the Internet site triggers another rule, and so forth. ModSecurity is one of the best firewalls on the market and it'll protect even scripts which are not updated often since it can prevent attackers from employing known exploits and security holes. Quite thorough information about each and every intrusion attempt is recorded and the logs the firewall maintains are far more detailed than the standard logs created by the Apache server, so you could later take a look at them and determine if you need to take additional measures in order to increase the safety of your script-driven Internet sites.

ModSecurity in Cloud Hosting

ModSecurity is supplied with all cloud hosting web servers, so when you choose to host your websites with our firm, they will be protected against a wide range of attacks. The firewall is enabled as standard for all domains and subdomains, so there will be nothing you shall have to do on your end. You will be able to stop ModSecurity for any Internet site if needed, or to switch on a detection mode, so that all activity will be recorded, but the firewall won't take any real action. You shall be able to view detailed logs via your Hepsia CP including the IP where the attack originated from, what the attacker planned to do and how ModSecurity handled the threat. As we take the protection of our clients' websites seriously, we use a set of commercial rules which we get from one of the best companies which maintain this type of rules. Our administrators also include custom rules to make sure that your Internet sites will be shielded from as many threats as possible.

ModSecurity in Semi-dedicated Servers

We've integrated ModSecurity by default in all semi-dedicated server packages, so your web applications shall be protected as soon as you install them under any domain or subdomain. The Hepsia Control Panel that comes with the semi-dedicated accounts shall allow you to activate or turn off the firewall for any site with a click. You will also have the ability to switch on a passive detection mode with which ModSecurity will keep a log of potential attacks without actually preventing them. The detailed logs include the nature of the attack and what ModSecurity response that attack generated, where it came from, etc. The list of rules that we employ is frequently updated in order to match any new risks which may appear on the Internet and it comes with both commercial rules that we get from a security company and custom-written ones that our admins add if they discover a threat that's not present inside the commercial list yet.

ModSecurity in VPS Servers

ModSecurity is pre-installed on all VPS servers that are offered with the Hepsia hosting Control Panel, so your web applications will be protected from the instant your server is in a position. The firewall is turned on by default for any domain or subdomain on the Virtual Private Server, but if necessary, you could deactivate it with a click through the corresponding section of Hepsia. You could also set it to function in detection mode, so it'll maintain an extensive log of any possible attacks without taking any action to prevent them. The logs can be found inside the exact same section and offer information regarding the nature of the attack, what IP address it came from and what ModSecurity rule was activated to stop it. For best security, we use not simply commercial rules from a business working in the field of web security, but also custom ones which our administrators include personally in order to react to new threats which are still not dealt with in the commercial rules.

ModSecurity in Dedicated Servers

When you opt to host your Internet sites on a dedicated server with the Hepsia CP, your web apps shall be protected right away as ModSecurity is available with all Hepsia-based plans. You will be able to regulate the firewall with ease and if required, you shall be able to turn it off or enable its passive mode when it'll only maintain a log of what is going on without taking any action to stop possible attacks. The logs which you can find in the same section of the CP are very detailed and contain details about the attacker IP address, what site and file were attacked and in what ways, what rule the firewall used to stop the intrusion, etcetera. This data shall permit you to take measures and improve the security of your sites even more. To be on the safe side, we use not just commercial rules, but also custom-made ones which our administrators add when they identify attacks that haven't yet been included within the commercial pack.