ModSecurity

: Hosting Terminology; Disk Space; Hepsia Control Panel; Domain Names Hosted; InnoDB; Integrated Ticketing System; Email Accounts; Memcached; Node.js; Subdomains; Support; Monthly Traffic; Varnish; VPN Traffic; Assisted Website Migration; Weekly Backup; Get Started

ModSecurity is an efficient firewall for Apache web servers that's used to stop attacks against web apps. It keeps track of the HTTP traffic to a particular Internet site in real time and prevents any intrusion attempts as soon as it detects them. The firewall uses a set of rules to do that - for instance, attempting to log in to a script admin area without success a few times activates one rule, sending a request to execute a specific file which may result in accessing the site triggers a different rule, and so forth. ModSecurity is amongst the best firewalls out there and it'll secure even scripts that are not updated regularly as it can prevent attackers from using known exploits and security holes. Incredibly comprehensive information about every intrusion attempt is recorded and the logs the firewall keeps are a lot more comprehensive than the conventional logs provided by the Apache server, so you may later take a look at them and determine if you need to take more measures in order to enhance the security of your script-driven websites.

ModSecurity in Shared Hosting

ModSecurity is available with each shared hosting plan that we offer and it's switched on by default for any domain or subdomain that you include via your Hepsia Control Panel. In the event that it interferes with any of your apps or you would like to disable it for any reason, you'll be able to accomplish that through the ModSecurity section of Hepsia with just a click. You can also activate a passive mode, so the firewall will identify possible attacks and maintain a log, but will not take any action. You can see extensive logs in the very same section, including the IP where the attack originated from, what precisely the attacker tried to do and at what time, what ModSecurity did, etc. For max safety of our customers we use a set of commercial firewall rules combined with custom ones which are provided by our system administrators.

ModSecurity in Semi-dedicated Hosting

Any web application which you install in your new semi-dedicated hosting account will be protected by ModSecurity because the firewall is provided with all our hosting plans and is switched on by default for any domain and subdomain which you include or create through your Hepsia hosting CP. You will be able to manage ModSecurity via a dedicated section in Hepsia where not only can you activate or deactivate it fully, but you can also enable a passive mode, so the firewall won't stop anything, but it'll still maintain an archive of possible attacks. This takes only a click and you'll be able to view the logs regardless of if ModSecurity is in active or passive mode through the same section - what the attack was and where it originated from, how it was dealt with, and so on. The firewall employs 2 groups of rules on our web servers - a commercial one that we get from a third-party web security provider and a custom one which our admins update personally as to respond to recently discovered risks as soon as possible.

ModSecurity in VPS Web Hosting

Safety is vital to us, so we install ModSecurity on all virtual private servers that are provided with the Hepsia Control Panel by default. The firewall can be managed via a dedicated section in Hepsia and is activated automatically when you add a new domain or generate a subdomain, so you will not need to do anything by hand. You will also be able to disable it or activate the so-called detection mode, so it'll keep a log of possible attacks that you can later study, but will not prevent them. The logs in both passive and active modes include details about the kind of the attack and how it was eliminated, what IP it originated from and other useful info that might help you to tighten the security of your sites by updating them or blocking IPs, for instance. On top of the commercial rules we get for ModSecurity from a third-party security enterprise, we also employ our own rules because from time to time we find specific attacks that are not yet present within the commercial group. This way, we could boost the protection of your Virtual private server instantly rather than awaiting an official update.

ModSecurity in Dedicated Servers Hosting

When you choose to host your sites on a dedicated server with the Hepsia CP, your web applications shall be protected straight away because ModSecurity is provided with all Hepsia-based packages. You'll be able to manage the firewall without difficulty and if needed, you shall be able to turn it off or enable its passive mode when it'll only keep a log of what is happening without taking any action to stop potential attacks. The logs which you can find in the exact same section of the CP are incredibly detailed and contain details about the attacker IP address, what website and file were attacked and in what ways, what rule the firewall employed to prevent the intrusion, and so on. This data shall enable you to take measures and improve the protection of your sites even more. To be on the safe side, we use not only commercial rules, but also custom-made ones that our staff add whenever they recognize attacks which have not yet been included inside the commercial pack.