ModSecurity

: Glossary; Disk Space; Hepsia Control Panel; Hosted Domain Names; InnoDB; Integrated Ticketing System; Email Accounts; Memcached; Node.js; Subdomains; Help Desk; Monthly Traffic; Varnish; VPN Traffic; Assisted Website Migration; Weekly Backup; Order

ModSecurity is an efficient firewall for Apache web servers which is used to prevent attacks against web apps. It tracks the HTTP traffic to a particular website in real time and blocks any intrusion attempts as soon as it discovers them. The firewall relies on a set of rules to accomplish that - as an example, attempting to log in to a script admin area unsuccessfully many times activates one rule, sending a request to execute a specific file which could result in accessing the site triggers a different rule, etcetera. ModSecurity is amongst the best firewalls out there and it will protect even scripts which are not updated on a regular basis since it can prevent attackers from using known exploits and security holes. Incredibly detailed info about every intrusion attempt is recorded and the logs the firewall keeps are considerably more specific than the conventional logs created by the Apache server, so you could later take a look at them and decide whether you need to take more measures so as to increase the safety of your script-driven websites.

ModSecurity in Website Hosting

We offer ModSecurity with all website hosting plans, so your web applications shall be resistant to harmful attacks. The firewall is activated as standard for all domains and subdomains, but in case you'd like, you'll be able to stop it through the respective area of your Hepsia Control Panel. You'll be able to also switch on a detection mode, so ModSecurity will keep a log as intended, but won't take any action. The logs which you will discover within Hepsia are incredibly detailed and offer data about the nature of any attack, when it took place and from what IP address, the firewall rule that was triggered, etc. We use a group of commercial rules that are frequently updated, but sometimes our administrators include custom rules as well in order to better protect the websites hosted on our servers.

ModSecurity in Semi-dedicated Hosting

ModSecurity is a part of our semi-dedicated hosting solutions and if you choose to host your Internet sites with our company, there shall not be anything special you will have to do since the firewall is turned on by default for all domains and subdomains which you include via your hosting Control Panel. If needed, you could disable ModSecurity for a particular site or enable the so-called detection mode in which case the firewall shall still work and record information, but won't do anything to prevent possible attacks on your sites. Thorough logs shall be readily available within your Control Panel and you'll be able to see which kind of attacks took place, what security rules were triggered and how the firewall dealt with the threats, what IP addresses the attacks came from, etc. We use two kinds of rules on our servers - commercial ones from a company that operates in the field of web security, and custom made ones that our admins sometimes add to respond to newly identified threats promptly.

ModSecurity in VPS

ModSecurity is included with all Hepsia-based virtual private servers we offer and it'll be activated automatically for every new domain or subdomain you add on the web server. That way, any web app you install shall be protected from the very beginning without doing anything personally on your end. The firewall can be handled via the section of the Control Panel that has the same name. This is the location in whichyou can switch off ModSecurity or let its passive mode, so it shall not take any action against threats, but shall still maintain a detailed log. The recorded information is available in the same section as well and you shall be able to see what IPs any attacks originated from so that you can stop them, what the nature of the attempted attacks was and based on what security rules ModSecurity responded. The rules that we employ on our servers are a mix between commercial ones which we obtain from a security organization and custom ones that are included by our administrators to optimize the security of any web applications hosted on our end.

ModSecurity in Dedicated Hosting

All of our dedicated servers that are set up with the Hepsia hosting Control Panel feature ModSecurity, so any program which you upload or install will be protected from the very beginning and you'll not need to worry about common attacks or vulnerabilities. A separate section inside Hepsia will enable you to start or stop the firewall for any domain or subdomain, or activate a detection mode so that it records information about intrusions, but does not take actions to stop them. What you'll find in the logs can enable you to to secure your Internet sites better - the IP an attack originated from, what website was attacked and how, what ModSecurity rule was triggered, and so forth. With this data, you'll be able to see whether an Internet site needs an update, if you ought to block IPs from accessing your hosting server, etcetera. In addition to the third-party commercial security rules for ModSecurity that we use, our administrators include custom ones too when they discover a new threat which is not yet a part of the commercial bundle.