ModSecurity

: Hosting Glossary; Disk Space; Hepsia Control Panel; Domain Names Hosted; InnoDB; Integrated Ticketing System; Email Accounts; Memcached; Node.js; Subdomains; Customer Support; Data Traffic; Varnish; VPN Traffic; Assisted Website Migration; Weekly Backup; Get Started

ModSecurity is a highly effective web application layer firewall for Apache web servers. It monitors the whole HTTP traffic to an Internet site without affecting its operation and when it identifies an intrusion attempt, it prevents it. The firewall also keeps a more thorough log for the traffic than any server does, so you will manage to monitor what's going on with your Internet sites better than if you rely only on conventional logs. ModSecurity uses security rules based on which it prevents attacks. For example, it recognizes whether somebody is attempting to log in to the admin area of a certain script several times or if a request is sent to execute a file with a certain command. In such situations these attempts trigger the corresponding rules and the firewall hinders the attempts right away, then records in-depth details about them within its logs. ModSecurity is among the best software firewalls on the market and it could easily protect your web apps against many threats and vulnerabilities, especially if you don’t update them or their plugins frequently.

ModSecurity in Cloud Hosting

ModSecurity comes standard with all cloud hosting plans which we supply and it will be switched on automatically for any domain or subdomain that you add/create inside your Hepsia hosting CP. The firewall has 3 different modes, so you can activate and disable it with only a click or set it to detection mode, so it will keep a log of all attacks, but it shall not do anything to stop them. The log for any of your Internet sites shall contain comprehensive information which includes the nature of the attack, where it originated from, what action was taken by ModSecurity, and so on. The firewall rules which we use are constantly updated and comprise of both commercial ones which we get from a third-party security business and custom ones that our system administrators include in the event that they detect a new sort of attacks. In this way, the websites you host here will be much more protected with no action expected on your end.

ModSecurity in Semi-dedicated Hosting

All semi-dedicated hosting solutions that we offer feature ModSecurity and given that the firewall is enabled by default, any website which you build under a domain or a subdomain shall be protected straight away. An independent section within the Hepsia CP that comes with the semi-dedicated accounts is devoted to ModSecurity and it will allow you to start and stop the firewall for any website or switch on a detection mode. With the last option, ModSecurity won't take any action, but it will still recognize possible attacks and will keep all info within a log as if it were 100% active. The logs can be found inside the very same section of the CP and they feature info about the IP where an attack came from, what its nature was, what rule ModSecurity applies to detect and stop it, etc. The security rules we employ on our web servers are a mix between commercial ones from a security business and custom ones made by our system administrators. As a result, we provide higher security for your web applications as we can defend them from attacks before security businesses release updates for new threats.

ModSecurity in VPS Hosting

All virtual private servers that are offered with the Hepsia Control Panel feature ModSecurity. The firewall is set up and activated by default for all domains which are hosted on the machine, so there will not be anything special which you'll need to do to protect your sites. It shall take you simply a mouse click to stop ModSecurity if necessary or to switch on its passive mode so that it records what happens without taking any actions to prevent intrusions. You will be able to see the logs produced in active or passive mode from the corresponding section of Hepsia and find out more about the form of the attack, where it originated from, what rule the firewall used to handle it, and so forth. We use a mixture of commercial and custom rules so as to ensure that ModSecurity shall prevent as many risks as possible, hence boosting the security of your web programs as much as possible.

ModSecurity in Dedicated Web Hosting

ModSecurity is provided with all dedicated servers which are set up with our Hepsia CP and you'll not need to do anything specific on your end to use it as it's enabled by default whenever you add a new domain or subdomain on your server. In the event that it disrupts any of your applications, you'll be able to stop it via the respective section of Hepsia, or you can leave it in passive mode, so it'll identify attacks and will still keep a log for them, but won't prevent them. You could examine the logs later to determine what you can do to boost the safety of your websites since you shall find details such as where an intrusion attempt originated from, what site was attacked and in accordance with what rule ModSecurity reacted, and so on. The rules that we employ are commercial, thus they're regularly updated by a security company, but to be on the safe side, our staff also add custom rules from time to time in order to respond to any new threats they have identified.