ModSecurity

: Hosting Definitions; Disk Space; Hepsia Control Panel; Hosted Domains; InnoDB; Integrated Ticketing System; Email Accounts; Memcached; Node.js; Subdomains; Support; Data Traffic; Varnish; VPN Traffic; Assisted Website Migration; Weekly Backup; Get Started

ModSecurity is an efficient firewall for Apache web servers which is used to stop attacks against web applications. It monitors the HTTP traffic to a specific site in real time and prevents any intrusion attempts the moment it discovers them. The firewall relies on a set of rules to accomplish that - as an illustration, attempting to log in to a script administrator area unsuccessfully a few times activates one rule, sending a request to execute a particular file which may result in gaining access to the website triggers a different rule, and so on. ModSecurity is one of the best firewalls available and it'll secure even scripts which aren't updated frequently since it can prevent attackers from employing known exploits and security holes. Very detailed data about every intrusion attempt is recorded and the logs the firewall maintains are much more specific than the standard logs generated by the Apache server, so you can later take a look at them and determine whether you need to take additional measures so as to enhance the protection of your script-driven sites.

ModSecurity in Cloud Hosting

We provide ModSecurity with all cloud hosting packages, so your Internet apps will be shielded from harmful attacks. The firewall is activated by default for all domains and subdomains, but in case you'd like, you will be able to stop it through the respective area of your Hepsia Control Panel. You can also activate a detection mode, so ModSecurity shall keep a log as intended, but shall not take any action. The logs which you shall find inside Hepsia are very detailed and offer info about the nature of any attack, when it occurred and from what IP address, the firewall rule that was triggered, etcetera. We use a range of commercial rules that are constantly updated, but sometimes our administrators include custom rules as well so as to efficiently protect the Internet sites hosted on our machines.

ModSecurity in Semi-dedicated Servers

We have integrated ModSecurity as a standard inside all semi-dedicated server packages, so your web apps will be protected as soon as you set them up under any domain or subdomain. The Hepsia Control Panel that is included with the semi-dedicated accounts shall allow you to activate or disable the firewall for any website with a mouse click. You'll also be able to activate a passive detection mode with which ModSecurity will keep a log of potential attacks without actually stopping them. The comprehensive logs include the nature of the attack and what ModSecurity response this attack triggered, where it came from, and so on. The list of rules which we use is constantly updated in order to match any new threats that may appear on the Internet and it consists of both commercial rules that we get from a security firm and custom-written ones that our administrators add in case they find a threat which is not present within the commercial list yet.

ModSecurity in VPS Servers

All VPS servers that are provided with the Hepsia Control Panel feature ModSecurity. The firewall is installed and turned on by default for all domains that are hosted on the machine, so there shall not be anything special which you'll need to do to protect your Internet sites. It'll take you only a mouse click to stop ModSecurity if necessary or to switch on its passive mode so that it records what goes on without taking any steps to stop intrusions. You will be able to see the logs generated in passive or active mode through the corresponding section of Hepsia and discover more about the form of the attack, where it originated from, what rule the firewall employed to take care of it, etcetera. We use a combination of commercial and custom rules in order to make certain that ModSecurity will block out as many threats as possible, hence enhancing the protection of your web applications as much as possible.

ModSecurity in Dedicated Servers

All of our dedicated servers that are set up with the Hepsia hosting CP feature ModSecurity, so any app you upload or install will be properly secured from the very beginning and you won't have to bother about common attacks or vulnerabilities. An independent section in Hepsia will permit you to start or stop the firewall for any domain or subdomain, or switch on a detection mode so that it records information regarding intrusions, but doesn't take actions to stop them. What you'll see in the logs can easily enable you to to secure your sites better - the IP an attack came from, what site was attacked and in what way, what ModSecurity rule was triggered, etc. With this info, you'll be able to see if an Internet site needs an update, if you ought to block IPs from accessing your web server, and so forth. Aside from the third-party commercial security rules for ModSecurity that we use, our admins add custom ones too every time they come across a new threat which is not yet in the commercial bundle.