ModSecurity

: Definitions; Disk Space; Hepsia Control Panel; Hosted Domain Names; InnoDB; Integrated Ticketing System; Email Accounts; Memcached; Node.js; Subdomains; Support; Bandwidth; Varnish; VPN Traffic; Assisted Website Migration; Weekly Backup; Buy Now

ModSecurity is a powerful web app layer firewall for Apache web servers. It monitors the entire HTTP traffic to an Internet site without affecting its functionality and in case it identifies an intrusion attempt, it prevents it. The firewall also keeps a more comprehensive log for the website visitors than any web server does, so you'll be able to keep track of what's happening with your Internet sites much better than if you rely only on conventional logs. ModSecurity uses security rules based on which it stops attacks. For example, it recognizes if someone is attempting to log in to the administrator area of a particular script a number of times or if a request is sent to execute a file with a particular command. In these instances these attempts set off the corresponding rules and the firewall program blocks the attempts in real time, after that records comprehensive information about them inside its logs. ModSecurity is one of the very best software firewalls out there and it can protect your web applications against a huge number of threats and vulnerabilities, particularly if you don’t update them or their plugins frequently.

ModSecurity in Cloud Website Hosting

ModSecurity is available with every cloud website hosting solution that we offer and it is switched on by default for any domain or subdomain which you include through your Hepsia CP. In the event that it interferes with any of your apps or you'd like to disable it for any reason, you shall be able to do this through the ModSecurity section of Hepsia with simply a click. You may also use a passive mode, so the firewall will identify possible attacks and maintain a log, but will not take any action. You could see extensive logs in the same section, including the IP where the attack originated from, what precisely the attacker tried to do and at what time, what ModSecurity did, etc. For max security of our customers we use a group of commercial firewall rules blended with custom ones that are added by our system admins.

ModSecurity in Semi-dedicated Hosting

All semi-dedicated hosting solutions that we offer feature ModSecurity and because the firewall is switched on by default, any site which you create under a domain or a subdomain shall be protected right away. An independent section within the Hepsia CP that comes with the semi-dedicated accounts is dedicated to ModSecurity and it will permit you to stop and start the firewall for any site or switch on a detection mode. With the latter, ModSecurity will not take any action, but it will still detect possible attacks and will keep all information within a log as if it were 100% active. The logs could be found within the exact same section of the CP and they feature information about the IP where an attack originated from, what its nature was, what rule ModSecurity applies to identify and stop it, and so forth. The security rules we employ on our servers are a mix between commercial ones from a security business and custom ones created by our system administrators. Therefore, we provide greater security for your web apps as we can protect them from attacks even before security firms release updates for brand new threats.

ModSecurity in VPS Web Hosting

ModSecurity is provided with all Hepsia-based virtual private servers that we offer and it shall be turned on automatically for every new domain or subdomain which you include on the server. This way, any web app that you install shall be secured from the very beginning without doing anything manually on your end. The firewall may be handled via the section of the Control Panel that bears the same name. This is the location in whichyou could disable ModSecurity or activate its passive mode, so it will not take any action towards threats, but will still keep a thorough log. The recorded info is available within the same area as well and you'll be able to see what IPs any attacks originated from so that you can block them, what the nature of the attempted attacks was and based on what security rules ModSecurity responded. The rules that we use on our servers are a mix between commercial ones which we obtain from a security organization and custom ones which are included by our administrators to maximize the security of any web apps hosted on our end.

ModSecurity in Dedicated Servers Hosting

All of our dedicated servers which are set up with the Hepsia hosting CP include ModSecurity, so any app you upload or install will be secured from the very beginning and you won't need to stress about common attacks or vulnerabilities. A separate section in Hepsia will enable you to start or stop the firewall for every domain or subdomain, or activate a detection mode so that it records details about intrusions, but does not take actions to stop them. What you shall discover in the logs can easily enable you to to secure your sites better - the IP an attack came from, what website was attacked and in what way, what ModSecurity rule was triggered, and so forth. With this info, you could see whether a website needs an update, if you ought to block IPs from accessing your server, etc. In addition to the third-party commercial security rules for ModSecurity that we use, our administrators include custom ones too whenever they find a new threat which is not yet a part of the commercial bundle.