ModSecurity

: Hosting Glossary; Disk Space; Hepsia Control Panel; Hosted Domain Names; InnoDB; Integrated Ticketing System; Email Accounts; Memcached; Node.js; Subdomains; Support; Data Traffic; Varnish; VPN Traffic; Assisted Website Migration; Weekly Backup; Order

ModSecurity is a highly effective firewall for Apache web servers that is used to stop attacks toward web apps. It tracks the HTTP traffic to a certain site in real time and blocks any intrusion attempts the moment it discovers them. The firewall relies on a set of rules to do this - as an example, attempting to log in to a script administrator area unsuccessfully a few times sets off one rule, sending a request to execute a specific file which could result in getting access to the website triggers a different rule, and so forth. ModSecurity is one of the best firewalls available and it will preserve even scripts which are not updated often as it can prevent attackers from employing known exploits and security holes. Incredibly thorough info about each and every intrusion attempt is recorded and the logs the firewall keeps are considerably more specific than the regular logs created by the Apache server, so you may later examine them and determine whether you need to take extra measures in order to enhance the safety of your script-driven sites.

ModSecurity in Shared Website Hosting

We offer ModSecurity with all shared website hosting solutions, so your Internet apps shall be resistant to destructive attacks. The firewall is activated by default for all domains and subdomains, but in case you'd like, you shall be able to stop it via the respective part of your Hepsia Control Panel. You could also switch on a detection mode, so ModSecurity will keep a log as intended, but will not take any action. The logs that you will find in Hepsia are incredibly detailed and feature information about the nature of any attack, when it took place and from what IP address, the firewall rule which was triggered, and so on. We use a group of commercial rules which are often updated, but sometimes our administrators add custom rules as well in order to better protect the websites hosted on our machines.

ModSecurity in Semi-dedicated Servers

ModSecurity is a part of our semi-dedicated server packages and if you opt to host your Internet sites with our company, there shall not be anything special you'll have to do since the firewall is activated by default for all domains and subdomains that you include using your hosting CP. If required, you'll be able to disable ModSecurity for a certain Internet site or switch on the so-called detection mode in which case the firewall will still operate and record info, but will not do anything to stop possible attacks against your sites. Detailed logs will be readily available in your CP and you'll be able to see what sort of attacks took place, what security rules were triggered and how the firewall addressed the threats, what IP addresses the attacks came from, etc. We use two kinds of rules on our servers - commercial ones from a business which operates in the field of web security, and custom ones that our administrators sometimes include to respond to newly identified threats promptly.

ModSecurity in VPS Servers

ModSecurity is included with all Hepsia-based VPS servers we offer and it will be activated automatically for any new domain or subdomain you include on the web server. In this way, any web application which you install shall be secured right from the start without doing anything manually on your end. The firewall can be handled from the section of the CP that has the same name. This is the location in whichyou can disable ModSecurity or enable its passive mode, so it shall not take any action towards threats, but shall still maintain a thorough log. The recorded info is available inside the same area as well and you shall be able to see what IPs any attacks came from so that you can stop them, what the nature of the attempted attacks was and based on what security rules ModSecurity reacted. The rules that we use on our servers are a blend between commercial ones we obtain from a security company and custom ones that are included by our staff to enhance the protection of any web apps hosted on our end.

ModSecurity in Dedicated Servers

All our dedicated servers which are set up with the Hepsia hosting Control Panel include ModSecurity, so any app that you upload or install will be secured from the very beginning and you'll not have to concern yourself with common attacks or vulnerabilities. An independent section inside Hepsia will allow you to start or stop the firewall for each domain or subdomain, or switch on a detection mode so that it records details about intrusions, but does not take actions to stop them. What you'll see in the logs can allow you to to secure your sites better - the IP an attack originated from, what site was attacked and in what way, what ModSecurity rule was triggered, etcetera. With this info, you can see if an Internet site needs an update, if you ought to block IPs from accessing your web server, and so forth. Aside from the third-party commercial security rules for ModSecurity we use, our administrators include custom ones as well if they come across a new threat that's not yet in the commercial bundle.