ModSecurity

: Terminology; Disk Space; Hepsia Control Panel; Domains Hosted; InnoDB; Integrated Ticketing System; Email Accounts; Memcached; Node.js; Subdomains; Customer Support; Bandwidth; Varnish; VPN Traffic; Assisted Website Migration; Weekly Backup; Purchase

ModSecurity is an efficient firewall for Apache web servers which is used to prevent attacks against web applications. It keeps track of the HTTP traffic to a particular website in real time and prevents any intrusion attempts as soon as it identifies them. The firewall relies on a set of rules to do this - as an example, attempting to log in to a script administrator area unsuccessfully a few times triggers one rule, sending a request to execute a particular file which may result in gaining access to the Internet site triggers another rule, etc. ModSecurity is among the best firewalls out there and it'll preserve even scripts which are not updated often because it can prevent attackers from using known exploits and security holes. Very comprehensive info about every intrusion attempt is recorded and the logs the firewall maintains are a lot more comprehensive than the conventional logs provided by the Apache server, so you can later take a look at them and determine whether you need to take more measures so as to improve the safety of your script-driven sites.

ModSecurity in Cloud Web Hosting

We provide ModSecurity with all cloud web hosting plans, so your Internet applications will be shielded from malicious attacks. The firewall is switched on as standard for all domains and subdomains, but in case you would like, you shall be able to stop it via the respective section of your Hepsia Control Panel. You could also activate a detection mode, so ModSecurity will keep a log as intended, but will not take any action. The logs which you shall find within Hepsia are incredibly detailed and include info about the nature of any attack, when it occurred and from what IP address, the firewall rule that was triggered, etcetera. We use a range of commercial rules that are constantly updated, but sometimes our admins add custom rules as well in order to better protect the Internet sites hosted on our servers.

ModSecurity in Semi-dedicated Servers

Any web app that you set up in your new semi-dedicated server account shall be protected by ModSecurity because the firewall comes with all our hosting solutions and is activated by default for any domain and subdomain that you add or create through your Hepsia hosting Control Panel. You shall be able to manage ModSecurity through a dedicated area within Hepsia where not only can you activate or deactivate it entirely, but you can also switch on a passive mode, so the firewall shall not block anything, but it will still maintain an archive of possible attacks. This requires just a click and you shall be able to look at the logs regardless if ModSecurity is in passive or active mode through the same section - what the attack was and where it originated from, how it was addressed, etcetera. The firewall employs 2 sets of rules on our web servers - a commercial one which we get from a third-party web security firm and a custom one which our administrators update manually in order to respond to newly discovered risks immediately.

ModSecurity in VPS Servers

All VPS servers which are provided with the Hepsia Control Panel include ModSecurity. The firewall is set up and turned on by default for all domains that are hosted on the machine, so there shall not be anything special that you'll need to do to protect your Internet sites. It shall take you simply a mouse click to stop ModSecurity if needed or to turn on its passive mode so that it records what happens without taking any steps to stop intrusions. You shall be able to look at the logs created in active or passive mode from the corresponding section of Hepsia and find out more about the type of the attack, where it originated from, what rule the firewall employed to handle it, and so on. We use a combination of commercial and custom rules so as to make certain that ModSecurity will block as many risks as possible, hence enhancing the security of your web programs as much as possible.

ModSecurity in Dedicated Servers

ModSecurity is included with all dedicated servers that are set up with our Hepsia CP and you'll not have to do anything specific on your end to use it as it is turned on by default each time you include a new domain or subdomain on your hosting server. In the event that it interferes with any of your apps, you'll be able to stop it via the respective area of Hepsia, or you may leave it in passive mode, so it'll detect attacks and will still maintain a log for them, but won't block them. You'll be able to examine the logs later to learn what you can do to boost the protection of your websites since you'll find details such as where an intrusion attempt originated from, what website was attacked and based upon what rule ModSecurity responded, and so on. The rules which we employ are commercial, hence they're constantly updated by a security company, but to be on the safe side, our administrators also add custom rules occasionally as to deal with any new threats they have discovered.