ModSecurity

: Terminology; Disk Space; Hepsia Control Panel; Hosted Domain Names; InnoDB; Integrated Ticketing System; Email Accounts; Memcached; Node.js; Subdomains; Help Desk; Monthly Traffic; Varnish; VPN Traffic; Assisted Website Migration; Weekly Backup; Purchase

ModSecurity is a powerful web app layer firewall for Apache web servers. It monitors the whole HTTP traffic to an Internet site without affecting its functionality and if it discovers an intrusion attempt, it prevents it. The firewall also maintains a more detailed log for the website visitors than any server does, so you will be able to keep track of what is going on with your websites a lot better than if you rely merely on standard logs. ModSecurity works with security rules based on which it stops attacks. For instance, it identifies whether someone is attempting to log in to the administration area of a given script multiple times or if a request is sent to execute a file with a particular command. In such cases these attempts set off the corresponding rules and the software blocks the attempts right away, and then records in-depth information about them in its logs. ModSecurity is one of the most effective software firewalls available and it can protect your web apps against thousands of threats and vulnerabilities, particularly if you don’t update them or their plugins frequently.

ModSecurity in Shared Hosting

We provide ModSecurity with all shared hosting solutions, so your Internet apps will be resistant to destructive attacks. The firewall is switched on by default for all domains and subdomains, but in case you'd like, you shall be able to stop it via the respective section of your Hepsia CP. You can also activate a detection mode, so ModSecurity will keep a log as intended, but won't take any action. The logs which you will discover inside Hepsia are very detailed and offer information about the nature of any attack, when it transpired and from what IP address, the firewall rule that was triggered, and so forth. We employ a range of commercial rules which are often updated, but sometimes our administrators include custom rules as well in order to efficiently protect the websites hosted on our servers.

ModSecurity in Semi-dedicated Hosting

Any web program you set up in your new semi-dedicated hosting account will be protected by ModSecurity as the firewall comes with all our hosting plans and is switched on by default for any domain and subdomain that you add or create through your Hepsia hosting CP. You will be able to manage ModSecurity via a dedicated area within Hepsia where not only can you activate or deactivate it completely, but you can also activate a passive mode, so the firewall shall not stop anything, but it will still keep a record of possible attacks. This requires just a mouse click and you will be able to look at the logs regardless if ModSecurity is in passive or active mode through the same section - what the attack was and where it originated from, how it was handled, etcetera. The firewall uses 2 groups of rules on our servers - a commercial one which we get from a third-party web security firm and a custom one that our administrators update manually as to respond to recently discovered risks as quickly as possible.

ModSecurity in VPS Web Hosting

Security is essential to us, so we set up ModSecurity on all virtual private servers that are provided with the Hepsia CP by default. The firewall could be managed through a dedicated section inside Hepsia and is activated automatically when you include a new domain or create a subdomain, so you will not have to do anything manually. You shall also be able to disable it or activate the so-called detection mode, so it shall keep a log of possible attacks that you can later examine, but won't prevent them. The logs in both passive and active modes include details regarding the form of the attack and how it was eliminated, what IP address it came from and other important info that might help you to tighten the security of your Internet sites by updating them or blocking IPs, for example. Beyond the commercial rules we get for ModSecurity from a third-party security enterprise, we also use our own rules since every now and then we discover specific attacks which aren't yet present in the commercial package. This way, we could enhance the protection of your VPS right away as opposed to waiting for an official update.

ModSecurity in Dedicated Servers Hosting

If you choose to host your websites on a dedicated server with the Hepsia CP, your web applications shall be secured straight away because ModSecurity is provided with all Hepsia-based plans. You'll be able to regulate the firewall easily and if required, you shall be able to turn it off or activate its passive mode when it'll only maintain a log of what is going on without taking any action to prevent potential attacks. The logs that you can find in the exact same section of the CP are extremely detailed and feature information about the attacker IP, what site and file were attacked and in what ways, what rule the firewall used to prevent the intrusion, etc. This information shall enable you to take measures and increase the protection of your Internet sites even more. To be on the safe side, we employ not just commercial rules, but also custom-made ones which our administrators add every time they detect attacks which haven't yet been included within the commercial pack.