ModSecurity

: Definitions; Disk Space; Hepsia Control Panel; Domains Hosted; InnoDB; Integrated Ticketing System; Email Accounts; Memcached; Node.js; Subdomains; Customer Support; Monthly Traffic; Varnish; VPN Traffic; Assisted Website Migration; Weekly Backup; Order Now

ModSecurity is a highly effective web application layer firewall for Apache web servers. It monitors the entire HTTP traffic to an Internet site without affecting its overall performance and when it detects an intrusion attempt, it blocks it. The firewall furthermore keeps a more detailed log for the website visitors than any web server does, so you'll be able to monitor what's going on with your Internet sites a lot better than if you rely merely on conventional logs. ModSecurity works with security rules based on which it stops attacks. For instance, it identifies if someone is trying to log in to the admin area of a particular script several times or if a request is sent to execute a file with a specific command. In such cases these attempts trigger the corresponding rules and the software hinders the attempts right away, and then records in-depth details about them inside its logs. ModSecurity is among the best software firewalls available and it can easily protect your web applications against a huge number of threats and vulnerabilities, particularly in case you don’t update them or their plugins frequently.

ModSecurity in Cloud Hosting

ModSecurity comes standard with all cloud hosting plans that we provide and it'll be turned on automatically for any domain or subdomain which you add/create within your Hepsia hosting Control Panel. The firewall has 3 different modes, so you could switch on and disable it with simply a click or set it to detection mode, so it'll keep a log of all attacks, but it shall not do anything to prevent them. The log for any of your sites will feature detailed information such as the nature of the attack, where it originated from, what action was taken by ModSecurity, and so on. The firewall rules that we use are regularly updated and consist of both commercial ones we get from a third-party security firm and custom ones that our system admins include in case that they detect a new type of attacks. In this way, the websites you host here shall be far more secure with no action expected on your end.

ModSecurity in Semi-dedicated Hosting

We've incorporated ModSecurity as a standard in all semi-dedicated hosting plans, so your web applications will be protected as soon as you install them under any domain or subdomain. The Hepsia CP that comes with the semi-dedicated accounts will permit you to activate or disable the firewall for any Internet site with a mouse click. You shall also be able to switch on a passive detection mode through which ModSecurity shall maintain a log of possible attacks without actually preventing them. The detailed logs include the nature of the attack and what ModSecurity response this attack activated, where it originated from, etcetera. The list of rules that we employ is frequently updated as to match any new threats that may appear on the Internet and it consists of both commercial rules that we get from a security firm and custom-written ones that our admins add if they discover a threat which is not present in the commercial list yet.

ModSecurity in VPS Web Hosting

ModSecurity is provided with all Hepsia-based virtual private servers that we offer and it will be switched on automatically for every new domain or subdomain that you include on the web server. In this way, any web app you install will be secured from the very beginning without doing anything manually on your end. The firewall can be managed via the section of the Control Panel which has the same name. This is the location whereyou'll be able to switch off ModSecurity or let its passive mode, so it won't take any action against threats, but will still maintain a thorough log. The recorded data is available within the same area as well and you shall be able to see what IPs any attacks came from so that you block them, what the nature of the attempted attacks was and based on what security rules ModSecurity responded. The rules which we use on our servers are a mix between commercial ones we get from a security firm and custom ones which are added by our staff to enhance the security of any web apps hosted on our end.

ModSecurity in Dedicated Servers Hosting

ModSecurity is available as standard with all dedicated servers that are set up with the Hepsia CP and is set to “Active” automatically for any domain which you host or subdomain you create on the web server. In the event that a web app does not work correctly, you may either turn off the firewall or set it to function in passive mode. The second means that ModSecurity shall keep a log of any potential attack which may happen, but shall not take any action to stop it. The logs generated in passive or active mode will give you additional details about the exact file which was attacked, the form of the attack and the IP address it came from, and so forth. This information shall enable you to decide what measures you can take to increase the safety of your sites, including blocking IPs or performing script and plugin updates. The ModSecurity rules that we employ are updated frequently with a commercial package from a third-party security company we work with, but sometimes our staff add their own rules as well in case they find a new potential threat.