ModSecurity

: Hosting Definitions; Disk Space; Hepsia Control Panel; Domain Names Hosted; InnoDB; Integrated Ticketing System; Email Accounts; Memcached; Node.js; Subdomains; Support; Bandwidth; Varnish; VPN Traffic; Assisted Website Migration; Weekly Backup; Join us

ModSecurity is an effective firewall for Apache web servers that's employed to stop attacks towards web applications. It tracks the HTTP traffic to a specific website in real time and blocks any intrusion attempts the instant it identifies them. The firewall relies on a set of rules to accomplish that - for instance, trying to log in to a script administration area unsuccessfully several times sets off one rule, sending a request to execute a specific file that could result in gaining access to the Internet site triggers a different rule, etcetera. ModSecurity is one of the best firewalls available and it'll secure even scripts which are not updated on a regular basis as it can prevent attackers from using known exploits and security holes. Quite thorough data about each and every intrusion attempt is recorded and the logs the firewall maintains are considerably more detailed than the conventional logs generated by the Apache server, so you may later analyze them and decide whether you need to take more measures so as to enhance the safety of your script-driven websites.

ModSecurity in Cloud Hosting

ModSecurity comes standard with all cloud hosting packages which we offer and it will be switched on automatically for any domain or subdomain you add/create in your Hepsia hosting CP. The firewall has three different modes, so you can switch on and deactivate it with a click or set it to detection mode, so it will keep a log of all attacks, but it'll not do anything to prevent them. The log for each of your websites shall include in-depth information such as the nature of the attack, where it came from, what action was taken by ModSecurity, and so forth. The firewall rules that we use are regularly updated and incorporate both commercial ones which we get from a third-party security company and custom ones that our system admins add in the event that they detect a new type of attacks. This way, the sites that you host here will be much more secure with no action required on your end.

ModSecurity in Semi-dedicated Hosting

We've incorporated ModSecurity as a standard in all semi-dedicated hosting packages, so your web apps shall be protected whenever you install them under any domain or subdomain. The Hepsia Control Panel that comes with the semi-dedicated accounts will permit you to switch on or disable the firewall for any Internet site with a click. You shall also be able to turn on a passive detection mode through which ModSecurity will keep a log of possible attacks without actually stopping them. The thorough logs contain the nature of the attack and what ModSecurity response this attack initiated, where it came from, and so forth. The list of rules we use is regularly updated in order to match any new threats which might appear on the Internet and it features both commercial rules that we get from a security business and custom-written ones which our admins include if they discover a threat which is not present inside the commercial list yet.

ModSecurity in VPS Hosting

Security is of the utmost importance to us, so we install ModSecurity on all virtual private servers that are made available with the Hepsia CP by default. The firewall can be managed through a dedicated section within Hepsia and is turned on automatically when you add a new domain or create a subdomain, so you'll not have to do anything personally. You shall also be able to deactivate it or activate the so-called detection mode, so it shall keep a log of possible attacks that you can later examine, but shall not block them. The logs in both passive and active modes contain details regarding the type of the attack and how it was eliminated, what IP it came from and other valuable info which may help you to tighten the security of your sites by updating them or blocking IPs, for example. Besides the commercial rules that we get for ModSecurity from a third-party security enterprise, we also employ our own rules as from time to time we discover specific attacks that are not yet present inside the commercial package. This way, we can improve the security of your Virtual private server right away instead of awaiting an official update.

ModSecurity in Dedicated Web Hosting

ModSecurity is provided with all dedicated servers which are set up with our Hepsia Control Panel and you'll not need to do anything specific on your end to employ it since it's enabled by default every time you include a new domain or subdomain on your hosting server. In the event that it disrupts some of your apps, you'll be able to stop it via the respective area of Hepsia, or you may leave it in passive mode, so it'll detect attacks and shall still maintain a log for them, but won't stop them. You could look at the logs later to find out what you can do to improve the safety of your sites since you will find information such as where an intrusion attempt originated from, what site was attacked and in accordance with what rule ModSecurity responded, etc. The rules that we employ are commercial, thus they are regularly updated by a security provider, but to be on the safe side, our admins also include custom rules occasionally as to react to any new threats they have discovered.