ModSecurity

: Hosting Terminology; Disk Space; Hepsia Control Panel; Domains Hosted; InnoDB; Integrated Ticketing System; Email Accounts; Memcached; Node.js; Subdomains; Support; Bandwidth; Varnish; VPN Traffic; Assisted Website Migration; Weekly Backup; Buy Now

ModSecurity is a highly effective web application layer firewall for Apache web servers. It monitors the whole HTTP traffic to a site without affecting its functionality and when it identifies an intrusion attempt, it prevents it. The firewall furthermore keeps a more thorough log for the traffic than any web server does, so you'll be able to keep an eye on what's happening with your websites a lot better than if you rely merely on standard logs. ModSecurity works with security rules based on which it prevents attacks. For example, it detects if somebody is attempting to log in to the administrator area of a particular script a number of times or if a request is sent to execute a file with a particular command. In these cases these attempts trigger the corresponding rules and the firewall blocks the attempts instantly, then records comprehensive information about them inside its logs. ModSecurity is one of the best software firewalls on the market and it can protect your web applications against thousands of threats and vulnerabilities, especially in case you don’t update them or their plugins often.

ModSecurity in Shared Hosting

We offer ModSecurity with all shared hosting solutions, so your web apps shall be resistant to harmful attacks. The firewall is activated by default for all domains and subdomains, but if you would like, you will be able to stop it via the respective area of your Hepsia Control Panel. You can also switch on a detection mode, so ModSecurity will keep a log as intended, but will not take any action. The logs which you'll find within Hepsia are incredibly detailed and offer information about the nature of any attack, when it occurred and from what IP, the firewall rule that was triggered, etcetera. We use a range of commercial rules that are frequently updated, but sometimes our administrators include custom rules as well so as to efficiently protect the Internet sites hosted on our machines.

ModSecurity in Semi-dedicated Hosting

ModSecurity is part of our semi-dedicated hosting packages and if you choose to host your Internet sites with us, there won't be anything special you'll need to do given that the firewall is turned on by default for all domains and subdomains you include using your hosting Control Panel. If required, you'll be able to disable ModSecurity for a given site or activate the so-called detection mode in which case the firewall will still operate and record information, but won't do anything to stop potential attacks against your websites. Detailed logs shall be readily available within your Control Panel and you'll be able to see what sort of attacks occurred, what security rules were triggered and how the firewall addressed the threats, what IP addresses the attacks originated from, etcetera. We employ two kinds of rules on our servers - commercial ones from a company which operates in the field of web security, and customized ones which our admins sometimes include to respond to newly discovered threats on time.

ModSecurity in VPS

ModSecurity is pre-installed on all virtual private servers which are provided with the Hepsia hosting Control Panel, so your web apps shall be protected from the instant your server is ready. The firewall is turned on by default for any domain or subdomain on the VPS, but if required, you'll be able to deactivate it with a click of your mouse via the corresponding section of Hepsia. You could also set it to function in detection mode, so it will maintain a detailed log of any possible attacks without taking any action to prevent them. The logs are available within the very same section and include information regarding the nature of the attack, what IP address it originated from and what ModSecurity rule was activated to stop it. For optimum security, we use not simply commercial rules from a business operating in the field of web security, but also custom ones that our admins include manually in order to react to new risks which are still not dealt with in the commercial rules.

ModSecurity in Dedicated Hosting

ModSecurity is provided with all dedicated servers which are set up with our Hepsia CP and you will not need to do anything specific on your end to employ it because it's turned on by default every time you include a new domain or subdomain on your web server. In case it interferes with some of your applications, you will be able to stop it via the respective area of Hepsia, or you may leave it working in passive mode, so it shall detect attacks and shall still keep a log for them, but won't stop them. You may analyze the logs later to determine what you can do to boost the safety of your Internet sites since you shall find info such as where an intrusion attempt originated from, what website was attacked and based on what rule ModSecurity responded, etcetera. The rules which we use are commercial, hence they're regularly updated by a security provider, but to be on the safe side, our administrators also include custom rules occasionally in order to respond to any new threats they have identified.