ModSecurity

: Hosting Definitions; Disk Space; Hepsia Control Panel; Domains Hosted; InnoDB; Integrated Ticketing System; Email Accounts; Memcached; Node.js; Subdomains; Help Desk; Bandwidth; Varnish; VPN Traffic; Assisted Website Migration; Weekly Backup; Join us

ModSecurity is a powerful web application layer firewall for Apache web servers. It monitors the whole HTTP traffic to a site without affecting its operation and when it identifies an intrusion attempt, it blocks it. The firewall additionally maintains a more detailed log for the site visitors than any server does, so you will manage to monitor what is going on with your sites better than if you rely simply on conventional logs. ModSecurity uses security rules based on which it stops attacks. For instance, it identifies whether somebody is trying to log in to the administration area of a given script several times or if a request is sent to execute a file with a specific command. In these situations these attempts set off the corresponding rules and the firewall program hinders the attempts right away, then records detailed info about them inside its logs. ModSecurity is among the most effective software firewalls on the market and it can protect your web applications against a large number of threats and vulnerabilities, especially in case you don’t update them or their plugins regularly.

ModSecurity in Website Hosting

We provide ModSecurity with all website hosting plans, so your web applications will be protected against destructive attacks. The firewall is switched on by default for all domains and subdomains, but in case you'd like, you will be able to stop it using the respective part of your Hepsia Control Panel. You can also switch on a detection mode, so ModSecurity will keep a log as intended, but will not take any action. The logs which you'll find within Hepsia are extremely detailed and offer info about the nature of any attack, when it transpired and from what IP address, the firewall rule that was triggered, etcetera. We use a range of commercial rules which are frequently updated, but sometimes our admins include custom rules as well so as to better protect the sites hosted on our servers.

ModSecurity in Semi-dedicated Hosting

We have included ModSecurity as a standard within all semi-dedicated hosting products, so your web apps shall be protected whenever you set them up under any domain or subdomain. The Hepsia Control Panel which comes with the semi-dedicated accounts shall allow you to switch on or disable the firewall for any website with a click. You will also have the ability to turn on a passive detection mode with which ModSecurity will maintain a log of possible attacks without really stopping them. The comprehensive logs contain the nature of the attack and what ModSecurity response this attack activated, where it originated from, and so on. The list of rules which we use is regularly updated in order to match any new risks which may appear on the Internet and it comes with both commercial rules that we get from a security business and custom-written ones which our administrators add in case they discover a threat that's not present in the commercial list yet.

ModSecurity in VPS Hosting

ModSecurity is pre-installed on all virtual private servers which are offered with the Hepsia hosting Control Panel, so your web applications will be secured from the instant your server is in a position. The firewall is turned on by default for any domain or subdomain on the Virtual Private Server, but if required, you could disable it with a mouse click via the corresponding section of Hepsia. You may also set it to work in detection mode, so it shall maintain a comprehensive log of any potential attacks without taking any action to prevent them. The logs can be found inside the same section and include details about the nature of the attack, what IP address it came from and what ModSecurity rule was activated to stop it. For best security, we employ not simply commercial rules from a business working in the field of web security, but also custom ones our administrators add manually in order to respond to new threats which are still not dealt with in the commercial rules.

ModSecurity in Dedicated Web Hosting

ModSecurity is offered as standard with all dedicated servers that are set up with the Hepsia Control Panel and is set to “Active” automatically for any domain which you host or subdomain which you create on the web server. In case that a web app does not work properly, you can either switch off the firewall or set it to operate in passive mode. The second means that ModSecurity shall keep a log of any possible attack that might happen, but won't take any action to stop it. The logs produced in active or passive mode will offer you additional details about the exact file which was attacked, the form of the attack and the IP it came from, and so on. This info will permit you to decide what steps you can take to improve the security of your Internet sites, such as blocking IPs or carrying out script and plugin updates. The ModSecurity rules that we employ are updated regularly with a commercial pack from a third-party security enterprise we work with, but oftentimes our admins add their own rules too when they find a new potential threat.