ModSecurity

: Glossary; Disk Space; Hepsia Control Panel; Domains Hosted; InnoDB; Integrated Ticketing System; Email Accounts; Memcached; Node.js; Subdomains; Support; Data Traffic; Varnish; VPN Traffic; Assisted Website Migration; Weekly Backup; Purchase

ModSecurity is a potent web application layer firewall for Apache web servers. It monitors the whole HTTP traffic to a website without affecting its functionality and in case it detects an intrusion attempt, it blocks it. The firewall additionally keeps a more comprehensive log for the site visitors than any web server does, so you will be able to keep track of what is going on with your sites better than if you rely simply on conventional logs. ModSecurity works with security rules based on which it helps prevent attacks. For example, it detects whether anyone is trying to log in to the administrator area of a certain script a number of times or if a request is sent to execute a file with a particular command. In these cases these attempts set off the corresponding rules and the firewall blocks the attempts right away, then records detailed information about them inside its logs. ModSecurity is amongst the best software firewalls out there and it can protect your web applications against a large number of threats and vulnerabilities, especially in case you don’t update them or their plugins frequently.

ModSecurity in Shared Hosting

ModSecurity is available with each shared hosting plan which we offer and it's turned on by default for any domain or subdomain that you add through your Hepsia Control Panel. In the event that it interferes with any of your apps or you'd like to disable it for any reason, you shall be able to accomplish that through the ModSecurity section of Hepsia with merely a click. You may also activate a passive mode, so the firewall will recognize potential attacks and keep a log, but will not take any action. You can view comprehensive logs in the exact same section, including the IP address where the attack came from, what exactly the attacker tried to do and at what time, what ModSecurity did, and so forth. For optimum protection of our customers we use a collection of commercial firewall rules combined with custom ones that are included by our system admins.

ModSecurity in Semi-dedicated Hosting

We've incorporated ModSecurity by default in all semi-dedicated hosting products, so your web apps will be protected whenever you set them up under any domain or subdomain. The Hepsia Control Panel that comes with the semi-dedicated accounts shall permit you to switch on or turn off the firewall for any site with a mouse click. You will also have the ability to switch on a passive detection mode with which ModSecurity shall maintain a log of possible attacks without really preventing them. The detailed logs include the nature of the attack and what ModSecurity response that attack triggered, where it originated from, etcetera. The list of rules we employ is regularly updated as to match any new risks which could appear on the Internet and it comes with both commercial rules that we get from a security company and custom-written ones that our administrators include if they discover a threat that is not present within the commercial list yet.

ModSecurity in VPS Web Hosting

ModSecurity is included with all Hepsia-based virtual private servers that we offer and it will be activated automatically for any new domain or subdomain which you include on the machine. This way, any web app that you install shall be secured right away without doing anything manually on your end. The firewall may be managed via the section of the Control Panel which bears the same name. This is the location whereyou can disable ModSecurity or enable its passive mode, so it won't take any action towards threats, but shall still keep a comprehensive log. The recorded information is available inside the same area as well and you will be able to see what IPs any attacks came from so that you can block them, what the nature of the attempted attacks was and in accordance with what security rules ModSecurity reacted. The rules we employ on our servers are a blend between commercial ones that we obtain from a security company and custom ones which are added by our administrators to maximize the protection of any web apps hosted on our end.

ModSecurity in Dedicated Servers Hosting

ModSecurity is included with all dedicated servers which are set up with our Hepsia Control Panel and you'll not need to do anything specific on your end to use it because it's enabled by default every time you add a new domain or subdomain on your server. In case it interferes with some of your apps, you shall be able to stop it through the respective area of Hepsia, or you can leave it in passive mode, so it shall detect attacks and will still maintain a log for them, but won't stop them. You may examine the logs later to find out what you can do to boost the safety of your Internet sites as you shall find information such as where an intrusion attempt came from, what website was attacked and in accordance with what rule ModSecurity responded, etc. The rules that we employ are commercial, hence they're constantly updated by a security company, but to be on the safe side, our admins also add custom rules from time to time as to react to any new threats they have discovered.