ModSecurity

: Hosting Definitions; Disk Space; Hepsia Control Panel; Hosted Domains; InnoDB; Integrated Ticketing System; Email Accounts; Memcached; Node.js; Subdomains; Help Desk; Monthly Traffic; Varnish; VPN Traffic; Assisted Website Migration; Weekly Backup; Get Started

ModSecurity is a powerful firewall for Apache web servers which is employed to stop attacks against web applications. It tracks the HTTP traffic to a particular website in real time and prevents any intrusion attempts the moment it detects them. The firewall uses a set of rules to do that - for instance, trying to log in to a script administration area without success a few times activates one rule, sending a request to execute a particular file which may result in accessing the Internet site triggers a different rule, etc. ModSecurity is among the best firewalls available and it'll preserve even scripts which aren't updated often as it can prevent attackers from using known exploits and security holes. Very comprehensive data about each and every intrusion attempt is recorded and the logs the firewall keeps are far more comprehensive than the standard logs generated by the Apache server, so you could later examine them and decide if you need to take extra measures in order to increase the safety of your script-driven websites.

ModSecurity in Shared Website Hosting

ModSecurity is available with every shared website hosting solution that we offer and it's switched on by default for every domain or subdomain which you include via your Hepsia CP. In case it disrupts any of your applications or you would like to disable it for whatever reason, you shall be able to achieve that through the ModSecurity area of Hepsia with only a mouse click. You could also enable a passive mode, so the firewall will detect possible attacks and keep a log, but won't take any action. You can see comprehensive logs in the exact same section, including the IP address where the attack originated from, what exactly the attacker attempted to do and at what time, what ModSecurity did, and so on. For maximum safety of our clients we use a group of commercial firewall rules blended with custom ones that are included by our system administrators.

ModSecurity in Semi-dedicated Servers

Any web app that you set up within your new semi-dedicated server account shall be protected by ModSecurity because the firewall is included with all our hosting solutions and is switched on by default for any domain and subdomain you add or create through your Hepsia hosting Control Panel. You'll be able to manage ModSecurity via a dedicated area within Hepsia where not simply could you activate or deactivate it entirely, but you may also activate a passive mode, so the firewall shall not stop anything, but it'll still keep a record of potential attacks. This requires just a mouse click and you'll be able to look at the logs regardless of if ModSecurity is in passive or active mode through the same section - what the attack was and where it originated from, how it was handled, and so forth. The firewall employs two sets of rules on our machines - a commercial one which we get from a third-party web security company and a custom one that our admins update personally as to respond to recently discovered threats as quickly as possible.

ModSecurity in VPS Servers

ModSecurity is pre-installed on all VPS servers which are set up with the Hepsia hosting Control Panel, so your web programs will be protected from the moment your server is in a position. The firewall is switched on by default for any domain or subdomain on the VPS, but if necessary, you'll be able to disable it with a click via the corresponding section of Hepsia. You may also set it to operate in detection mode, so it'll keep a detailed log of any possible attacks without taking any action to stop them. The logs are available inside the same section and include info about the nature of the attack, what IP it came from and what ModSecurity rule was initiated to stop it. For maximum security, we employ not simply commercial rules from a company operating in the field of web security, but also custom ones that our admins add personally in order to react to new threats that are still not tackled in the commercial rules.

ModSecurity in Dedicated Servers

ModSecurity comes with all dedicated servers which are integrated with our Hepsia Control Panel and you'll not need to do anything specific on your end to employ it since it's activated by default whenever you add a new domain or subdomain on your server. In case it interferes with any of your apps, you will be able to stop it through the respective part of Hepsia, or you may leave it working in passive mode, so it'll detect attacks and shall still maintain a log for them, but won't block them. You may look at the logs later to learn what you can do to increase the protection of your sites as you'll find info such as where an intrusion attempt came from, what site was attacked and in accordance with what rule ModSecurity reacted, and so on. The rules we employ are commercial, thus they're constantly updated by a security firm, but to be on the safe side, our staff also add custom rules every now and then in order to react to any new threats they have identified.