ModSecurity

: Hosting Terminology; Disk Space; Hepsia Control Panel; Domains Hosted; InnoDB; Integrated Ticketing System; Email Accounts; Memcached; Node.js; Subdomains; Support; Bandwidth; Varnish; VPN Traffic; Assisted Website Migration; Weekly Backup; Order

ModSecurity is a highly effective web app layer firewall for Apache web servers. It monitors the entire HTTP traffic to an Internet site without affecting its performance and if it identifies an intrusion attempt, it prevents it. The firewall furthermore maintains a more thorough log for the site visitors than any server does, so you shall manage to keep an eye on what is going on with your websites a lot better than if you rely merely on standard logs. ModSecurity uses security rules based on which it prevents attacks. For example, it recognizes whether anyone is attempting to log in to the administration area of a particular script several times or if a request is sent to execute a file with a particular command. In such instances these attempts trigger the corresponding rules and the firewall software hinders the attempts immediately, after that records comprehensive information about them within its logs. ModSecurity is amongst the very best software firewalls out there and it could easily protect your web applications against thousands of threats and vulnerabilities, especially in case you don’t update them or their plugins often.

ModSecurity in Cloud Website Hosting

ModSecurity is supplied with all cloud website hosting machines, so when you choose to host your websites with our business, they'll be shielded from a wide array of attacks. The firewall is turned on by default for all domains and subdomains, so there will be nothing you shall have to do on your end. You will be able to stop ModSecurity for any site if necessary, or to activate a detection mode, so that all activity shall be recorded, but the firewall will not take any real action. You shall be able to view specific logs from your Hepsia CP including the IP where the attack originated from, what the attacker wished to do and how ModSecurity handled the threat. As we take the safety of our customers' sites very seriously, we employ a group of commercial rules that we take from one of the leading companies which maintain such rules. Our administrators also add custom rules to make certain that your Internet sites shall be resistant to as many risks as possible.

ModSecurity in Semi-dedicated Servers

Any web program which you set up inside your new semi-dedicated server account shall be protected by ModSecurity because the firewall comes with all our hosting packages and is switched on by default for any domain and subdomain which you add or create through your Hepsia hosting CP. You'll be able to manage ModSecurity via a dedicated section inside Hepsia where not only can you activate or deactivate it completely, but you may also enable a passive mode, so the firewall will not block anything, but it shall still maintain an archive of potential attacks. This requires simply a mouse click and you'll be able to see the logs regardless if ModSecurity is in passive or active mode through the same section - what the attack was and where it came from, how it was addressed, etc. The firewall employs 2 sets of rules on our web servers - a commercial one that we get from a third-party web security firm and a custom one which our admins update personally in order to respond to recently discovered threats as fast as possible.

ModSecurity in VPS Servers

ModSecurity is pre-installed on all VPS servers that are set up with the Hepsia hosting Control Panel, so your web programs shall be protected from the instant your server is in a position. The firewall is switched on by default for any domain or subdomain on the VPS, but if required, you could deactivate it with a click of your mouse via the corresponding section of Hepsia. You can also set it to function in detection mode, so it will keep a detailed log of any potential attacks without taking any action to stop them. The logs can be found within the same section and include info about the nature of the attack, what IP it originated from and what ModSecurity rule was triggered to stop it. For maximum security, we employ not simply commercial rules from a company operating in the field of web security, but also custom ones which our administrators add manually so as to respond to new risks which are still not dealt with in the commercial rules.

ModSecurity in Dedicated Servers

ModSecurity comes with all dedicated servers which are set up with our Hepsia Control Panel and you will not have to do anything specific on your end to employ it because it is switched on by default each time you include a new domain or subdomain on your web server. In the event that it disrupts any of your applications, you will be able to stop it through the respective area of Hepsia, or you may leave it working in passive mode, so it shall detect attacks and will still maintain a log for them, but won't block them. You can examine the logs later to find out what you can do to improve the security of your websites as you'll find info such as where an intrusion attempt came from, what site was attacked and in accordance with what rule ModSecurity responded, etc. The rules we employ are commercial, thus they're frequently updated by a security company, but to be on the safe side, our staff also add custom rules every now and then in order to respond to any new threats they have discovered.