ModSecurity

: Hosting Definitions; Disk Space; Hepsia Control Panel; Hosted Domain Names; InnoDB; Integrated Ticketing System; Email Accounts; Memcached; Node.js; Subdomains; Support; Monthly Traffic; Varnish; VPN Traffic; Assisted Website Migration; Weekly Backup; Join us

ModSecurity is a highly effective firewall for Apache web servers that is used to prevent attacks towards web applications. It tracks the HTTP traffic to a specific site in real time and stops any intrusion attempts as soon as it identifies them. The firewall uses a set of rules to do that - as an illustration, trying to log in to a script admin area without success a few times activates one rule, sending a request to execute a specific file which may result in accessing the site triggers another rule, and so forth. ModSecurity is amongst the best firewalls available on the market and it'll protect even scripts which aren't updated often since it can prevent attackers from using known exploits and security holes. Incredibly comprehensive information about each and every intrusion attempt is recorded and the logs the firewall maintains are a lot more detailed than the conventional logs created by the Apache server, so you can later examine them and determine whether you need to take more measures so as to enhance the protection of your script-driven websites.

ModSecurity in Shared Web Hosting

We offer ModSecurity with all shared web hosting solutions, so your Internet apps will be protected against harmful attacks. The firewall is turned on as standard for all domains and subdomains, but if you would like, you will be able to stop it using the respective section of your Hepsia Control Panel. You could also switch on a detection mode, so ModSecurity shall keep a log as intended, but will not take any action. The logs which you will find inside Hepsia are very detailed and feature info about the nature of any attack, when it happened and from what IP address, the firewall rule that was triggered, etc. We employ a range of commercial rules which are constantly updated, but sometimes our administrators include custom rules as well in order to better protect the Internet sites hosted on our machines.

ModSecurity in Semi-dedicated Hosting

Any web application that you set up within your new semi-dedicated hosting account will be protected by ModSecurity as the firewall is included with all our hosting solutions and is activated by default for any domain and subdomain that you add or create via your Hepsia hosting Control Panel. You shall be able to manage ModSecurity through a dedicated section inside Hepsia where not only can you activate or deactivate it fully, but you can also switch on a passive mode, so the firewall will not block anything, but it will still maintain a record of potential attacks. This takes just a click and you'll be able to see the logs regardless of if ModSecurity is in passive or active mode through the same section - what the attack was and where it came from, how it was addressed, etcetera. The firewall uses two sets of rules on our machines - a commercial one which we get from a third-party web security firm and a custom one which our administrators update manually in order to respond to recently discovered threats as fast as possible.

ModSecurity in VPS Hosting

Security is extremely important to us, so we set up ModSecurity on all virtual private servers that are set up with the Hepsia CP by default. The firewall can be managed via a dedicated section within Hepsia and is activated automatically when you add a new domain or create a subdomain, so you will not need to do anything by hand. You will also be able to deactivate it or activate the so-called detection mode, so it'll maintain a log of potential attacks that you can later study, but won't prevent them. The logs in both passive and active modes include info regarding the type of the attack and how it was eliminated, what IP address it came from and other important data that may help you to tighten the security of your websites by updating them or blocking IPs, for instance. Besides the commercial rules we get for ModSecurity from a third-party security company, we also use our own rules because every now and then we find specific attacks which are not yet present inside the commercial group. This way, we could increase the security of your VPS instantly as opposed to awaiting a certified update.

ModSecurity in Dedicated Web Hosting

ModSecurity is included with all dedicated servers that are set up with our Hepsia Control Panel and you will not have to do anything specific on your end to employ it since it's activated by default every time you include a new domain or subdomain on your hosting server. In the event that it disrupts some of your apps, you will be able to stop it via the respective part of Hepsia, or you may leave it operating in passive mode, so it will recognize attacks and shall still keep a log for them, but shall not prevent them. You may analyze the logs later to learn what you can do to boost the safety of your websites since you will find info such as where an intrusion attempt originated from, what website was attacked and based on what rule ModSecurity responded, etcetera. The rules we use are commercial, therefore they are frequently updated by a security company, but to be on the safe side, our admins also add custom rules occasionally in order to deal with any new threats they have identified.