ModSecurity

: Glossary; Disk Space; Hepsia Control Panel; Hosted Domain Names; InnoDB; Integrated Ticketing System; Email Accounts; Memcached; Node.js; Subdomains; Help Desk; Monthly Traffic; Varnish; VPN Traffic; Assisted Website Migration; Weekly Backup; Buy Now

ModSecurity is a plugin for Apache web servers that functions as a web app layer firewall. It's used to prevent attacks toward script-driven Internet sites by employing security rules that contain particular expressions. This way, the firewall can block hacking and spamming attempts and protect even websites that are not updated regularly. For instance, a number of failed login attempts to a script administrator area or attempts to execute a specific file with the intention to get access to the script shall trigger certain rules, so ModSecurity will block out these activities the instant it discovers them. The firewall is very efficient since it monitors the whole HTTP traffic to a website in real time without slowing it down, so it could stop an attack before any damage is done. It furthermore keeps a very comprehensive log of all attack attempts that contains more info than typical Apache logs, so you can later analyze the data and take additional measures to boost the security of your sites if necessary.

ModSecurity in Shared Website Hosting

ModSecurity is provided with all shared website hosting servers, so if you decide to host your websites with our organization, they'll be resistant to a wide range of attacks. The firewall is enabled as standard for all domains and subdomains, so there will be nothing you shall have to do on your end. You'll be able to stop ModSecurity for any website if necessary, or to switch on a detection mode, so that all activity will be recorded, but the firewall won't take any real action. You'll be able to view detailed logs through your Hepsia CP including the IP where the attack originated from, what the attacker wanted to do and how ModSecurity dealt with the threat. Since we take the protection of our clients' websites very seriously, we use a collection of commercial rules which we take from one of the top companies that maintain this type of rules. Our administrators also add custom rules to make sure that your Internet sites shall be resistant to as many risks as possible.

ModSecurity in Semi-dedicated Servers

We have incorporated ModSecurity by default in all semi-dedicated server plans, so your web apps shall be protected whenever you set them up under any domain or subdomain. The Hepsia CP which is included with the semi-dedicated accounts will permit you to activate or disable the firewall for any website with a mouse click. You shall also have the ability to switch on a passive detection mode in which ModSecurity shall maintain a log of possible attacks without actually preventing them. The comprehensive logs include things like the nature of the attack and what ModSecurity response that attack initiated, where it originated from, etc. The list of rules we use is constantly updated in order to match any new threats that may appear on the Internet and it includes both commercial rules that we get from a security business and custom-written ones that our administrators include in the event that they find a threat that is not present within the commercial list yet.

ModSecurity in VPS Servers

ModSecurity comes with all Hepsia-based VPS servers we offer and it will be switched on automatically for every new domain or subdomain which you include on the web server. In this way, any web app that you install will be protected right away without doing anything by hand on your end. The firewall can be handled through the section of the CP that bears the same name. This is the place in whichyou could disable ModSecurity or let its passive mode, so it won't take any action towards threats, but will still keep a detailed log. The recorded information is available in the same area as well and you shall be able to see what IPs any attacks originated from so that you can block them, what the nature of the attempted attacks was and in accordance with what security rules ModSecurity responded. The rules we use on our servers are a blend between commercial ones which we obtain from a security firm and custom ones that are included by our admins to improve the security of any web apps hosted on our end.

ModSecurity in Dedicated Servers

If you decide to host your sites on a dedicated server with the Hepsia Control Panel, your web programs shall be secured straight away because ModSecurity is provided with all Hepsia-based plans. You'll be able to regulate the firewall with ease and if necessary, you shall be able to turn it off or switch on its passive mode when it will only keep a log of what is going on without taking any action to prevent possible attacks. The logs which you will find in the exact same section of the CP are extremely detailed and feature data about the attacker IP, what website and file were attacked and in what way, what rule the firewall employed to stop the intrusion, etcetera. This data shall enable you to take measures and boost the protection of your Internet sites even more. To be on the safe side, we use not just commercial rules, but also custom-made ones which our administrators add when they detect attacks that have not yet been included inside the commercial pack.