ModSecurity

: Hosting Definitions; Disk Space; Hepsia Control Panel; Domain Names Hosted; InnoDB; Integrated Ticketing System; Email Accounts; Memcached; Node.js; Subdomains; Support; Bandwidth; Varnish; VPN Traffic; Assisted Website Migration; Weekly Backup; Sign Up

ModSecurity is an efficient firewall for Apache web servers which is used to stop attacks against web applications. It keeps track of the HTTP traffic to a specific website in real time and stops any intrusion attempts the instant it discovers them. The firewall relies on a set of rules to accomplish that - for instance, attempting to log in to a script administrator area without success several times triggers one rule, sending a request to execute a certain file which may result in gaining access to the site triggers a different rule, and so forth. ModSecurity is among the best firewalls on the market and it'll protect even scripts which are not updated often as it can prevent attackers from using known exploits and security holes. Quite comprehensive data about every single intrusion attempt is recorded and the logs the firewall keeps are much more comprehensive than the standard logs provided by the Apache server, so you could later examine them and determine whether you need to take extra measures in order to increase the security of your script-driven websites.

ModSecurity in Cloud Hosting

ModSecurity is supplied with all cloud hosting web servers, so if you choose to host your Internet sites with our firm, they will be resistant to a wide range of attacks. The firewall is enabled as standard for all domains and subdomains, so there shall be nothing you shall need to do on your end. You will be able to stop ModSecurity for any website if necessary, or to activate a detection mode, so that all activity shall be recorded, but the firewall shall not take any real action. You shall be able to view comprehensive logs from your Hepsia Control Panel including the IP where the attack originated from, what the attacker planned to do and how ModSecurity handled the threat. As we take the protection of our clients' Internet sites seriously, we use a selection of commercial rules which we get from one of the leading firms that maintain this sort of rules. Our administrators also include custom rules to ensure that your sites will be protected against as many risks as possible.

ModSecurity in Semi-dedicated Servers

We've incorporated ModSecurity as a standard inside all semi-dedicated server packages, so your web apps will be protected as soon as you install them under any domain or subdomain. The Hepsia Control Panel that comes with the semi-dedicated accounts shall allow you to enable or turn off the firewall for any Internet site with a mouse click. You will also have the ability to switch on a passive detection mode in which ModSecurity shall keep a log of possible attacks without actually stopping them. The detailed logs contain the nature of the attack and what ModSecurity response that attack caused, where it came from, etcetera. The list of rules which we use is constantly updated as to match any new threats that might appear on the Internet and it comes with both commercial rules that we get from a security firm and custom-written ones which our administrators add in case they find a threat that's not present inside the commercial list yet.

ModSecurity in VPS Servers

ModSecurity is pre-installed on all VPS servers which are offered with the Hepsia hosting CP, so your web apps will be secured from the second your server is ready. The firewall is turned on by default for any domain or subdomain on the VPS, but if necessary, you could deactivate it with a mouse click from the corresponding section of Hepsia. You could also set it to work in detection mode, so it will keep a detailed log of any potential attacks without taking any action to prevent them. The logs can be found within the exact same section and offer details about the nature of the attack, what IP it originated from and what ModSecurity rule was triggered to stop it. For optimum security, we use not simply commercial rules from a company operating in the field of web security, but also custom ones that our admins add personally so as to respond to new risks which are still not addressed in the commercial rules.

ModSecurity in Dedicated Servers

ModSecurity is available as standard with all dedicated servers which are set up with the Hepsia Control Panel and is set to “Active” automatically for any domain that you host or subdomain that you create on the server. Just in case that a web app does not operate adequately, you can either switch off the firewall or set it to function in passive mode. The second means that ModSecurity will keep a log of any possible attack which might happen, but shall not take any action to stop it. The logs produced in passive or active mode shall give you more details about the exact file which was attacked, the nature of the attack and the IP it came from, etcetera. This data will permit you to determine what measures you can take to increase the safety of your Internet sites, such as blocking IPs or carrying out script and plugin updates. The ModSecurity rules we use are updated frequently with a commercial package from a third-party security firm we work with, but sometimes our administrators include their own rules too in case they discover a new potential threat.