ModSecurity

: Glossary; Disk Space; Hepsia Control Panel; Hosted Domains; InnoDB; Integrated Ticketing System; Email Accounts; Memcached; Node.js; Subdomains; Support; Bandwidth; Varnish; VPN Traffic; Assisted Website Migration; Weekly Backup; Get Started

ModSecurity is a highly effective web application layer firewall for Apache web servers. It monitors the whole HTTP traffic to a website without affecting its operation and if it detects an intrusion attempt, it prevents it. The firewall furthermore keeps a more comprehensive log for the site visitors than any server does, so you will be able to keep an eye on what's going on with your Internet sites much better than if you rely merely on standard logs. ModSecurity uses security rules based on which it helps prevent attacks. For instance, it identifies if someone is trying to log in to the administration area of a given script multiple times or if a request is sent to execute a file with a specific command. In these circumstances these attempts set off the corresponding rules and the firewall software blocks the attempts immediately, and then records comprehensive details about them within its logs. ModSecurity is amongst the most effective software firewalls available and it can easily protect your web apps against a large number of threats and vulnerabilities, particularly in case you don’t update them or their plugins often.

ModSecurity in Cloud Hosting

We offer ModSecurity with all cloud hosting solutions, so your web applications will be protected against harmful attacks. The firewall is activated as standard for all domains and subdomains, but if you would like, you will be able to stop it using the respective section of your Hepsia Control Panel. You'll be able to also switch on a detection mode, so ModSecurity shall keep a log as intended, but won't take any action. The logs that you'll find within Hepsia are incredibly detailed and include info about the nature of any attack, when it occurred and from what IP, the firewall rule that was triggered, and so forth. We use a group of commercial rules that are regularly updated, but sometimes our admins include custom rules as well so as to efficiently protect the Internet sites hosted on our servers.

ModSecurity in Semi-dedicated Hosting

All semi-dedicated hosting plans which we offer feature ModSecurity and given that the firewall is turned on by default, any website you set up under a domain or a subdomain will be secured right from the start. An individual section inside the Hepsia CP that comes with the semi-dedicated accounts is dedicated to ModSecurity and it shall permit you to start and stop the firewall for any Internet site or activate a detection mode. With the latter, ModSecurity will not take any action, but it shall still recognize possible attacks and shall keep all info in a log as if it were completely active. The logs can be found inside the same section of the Control Panel and they feature info about the IP where an attack came from, what its nature was, what rule ModSecurity applies to detect and stop it, and so on. The security rules we employ on our servers are a mix of commercial ones from a security firm and custom ones developed by our system administrators. Therefore, we offer greater security for your web applications as we can shield them from attacks before security firms release updates for new threats.

ModSecurity in VPS

ModSecurity is pre-installed on all virtual private servers that are offered with the Hepsia hosting CP, so your web apps will be secured from the instant your server is ready. The firewall is activated by default for any domain or subdomain on the Virtual Private Server, but if needed, you could disable it with a mouse click via the corresponding section of Hepsia. You could also set it to function in detection mode, so it'll keep an extensive log of any possible attacks without taking any action to stop them. The logs are available in the exact same section and offer information about the nature of the attack, what IP address it came from and what ModSecurity rule was triggered to stop it. For best security, we use not just commercial rules from a firm working in the field of web security, but also custom ones that our admins include manually in order to respond to new threats which are still not dealt with in the commercial rules.

ModSecurity in Dedicated Hosting

All of our dedicated servers which are set up with the Hepsia hosting CP include ModSecurity, so any program that you upload or install will be protected from the very beginning and you will not need to bother about common attacks or vulnerabilities. An individual section in Hepsia will enable you to start or stop the firewall for each and every domain or subdomain, or turn on a detection mode so that it records info about intrusions, but does not take actions to prevent them. What you shall see in the logs can easily enable you to to secure your Internet sites better - the IP address an attack originated from, what site was attacked and exactly how, what ModSecurity rule was triggered, etcetera. With this info, you can see whether a website needs an update, whether you need to block IPs from accessing your hosting server, and so on. Aside from the third-party commercial security rules for ModSecurity we use, our administrators include custom ones as well if they come across a new threat which is not yet in the commercial bundle.