ModSecurity

: Definitions; Disk Space; Hepsia Control Panel; Hosted Domain Names; InnoDB; Integrated Ticketing System; Email Accounts; Memcached; Node.js; Subdomains; Customer Support; Data Traffic; Varnish; VPN Traffic; Assisted Website Migration; Weekly Backup; Buy Now

ModSecurity is a powerful firewall for Apache web servers that is employed to stop attacks toward web apps. It tracks the HTTP traffic to a given website in real time and prevents any intrusion attempts the moment it discovers them. The firewall relies on a set of rules to do that - for instance, attempting to log in to a script administrator area unsuccessfully many times activates one rule, sending a request to execute a particular file that may result in getting access to the site triggers another rule, and so on. ModSecurity is one of the best firewalls available on the market and it'll secure even scripts which are not updated often as it can prevent attackers from using known exploits and security holes. Very comprehensive data about every intrusion attempt is recorded and the logs the firewall keeps are considerably more comprehensive than the conventional logs provided by the Apache server, so you may later examine them and decide whether you need to take more measures in order to improve the safety of your script-driven sites.

ModSecurity in Cloud Hosting

ModSecurity comes by default with all cloud hosting packages which we offer and it'll be turned on automatically for any domain or subdomain that you add/create within your Hepsia hosting Control Panel. The firewall has three different modes, so you'll be able to activate and deactivate it with simply a click or set it to detection mode, so it will maintain a log of all attacks, but it shall not do anything to prevent them. The log for any of your websites will include detailed info including the nature of the attack, where it came from, what action was taken by ModSecurity, and so forth. The firewall rules which we use are regularly updated and include both commercial ones that we get from a third-party security business and custom ones which our system admins include in the event that they detect a new kind of attacks. This way, the websites that you host here will be far more secure with no action needed on your end.

ModSecurity in Semi-dedicated Hosting

We have integrated ModSecurity by default in all semi-dedicated hosting packages, so your web apps shall be protected the instant you set them up under any domain or subdomain. The Hepsia Control Panel that comes with the semi-dedicated accounts will permit you to switch on or turn off the firewall for any website with a mouse click. You will also have the ability to turn on a passive detection mode through which ModSecurity shall maintain a log of possible attacks without actually stopping them. The detailed logs include things like the nature of the attack and what ModSecurity response that attack generated, where it came from, and so on. The list of rules that we use is frequently updated in order to match any new risks that could appear on the Internet and it consists of both commercial rules that we get from a security company and custom-written ones which our admins add in case they find a threat that's not present in the commercial list yet.

ModSecurity in VPS Web Hosting

Protection is very important to us, so we set up ModSecurity on all virtual private servers which are set up with the Hepsia CP as a standard. The firewall can be managed via a dedicated section in Hepsia and is switched on automatically when you add a new domain or generate a subdomain, so you will not have to do anything by hand. You will also be able to disable it or activate the so-called detection mode, so it will keep a log of potential attacks that you can later study, but will not block them. The logs in both passive and active modes contain information regarding the type of the attack and how it was eliminated, what IP address it came from and other valuable data which may help you to tighten the security of your websites by updating them or blocking IPs, as an example. Besides the commercial rules which we get for ModSecurity from a third-party security enterprise, we also use our own rules because once in a while we discover specific attacks which are not yet present in the commercial package. That way, we can easily improve the protection of your VPS in a timely manner rather than awaiting a certified update.

ModSecurity in Dedicated Servers Hosting

If you opt to host your websites on a dedicated server with the Hepsia CP, your web programs shall be secured right from the start since ModSecurity is supplied with all Hepsia-based packages. You shall be able to regulate the firewall with ease and if needed, you'll be able to turn it off or enable its passive mode when it'll only maintain a log of what is occurring without taking any action to stop possible attacks. The logs that you can find in the same section of the CP are really detailed and include information about the attacker IP, what website and file were attacked and in what way, what rule the firewall employed to prevent the intrusion, and so on. This data shall permit you to take measures and boost the protection of your Internet sites even more. To be on the safe side, we use not only commercial rules, but also custom-made ones that our administrators include when they identify attacks which haven't yet been included inside the commercial pack.