ModSecurity

: Definitions; Disk Space; Hepsia Control Panel; Hosted Domains; InnoDB; Integrated Ticketing System; Email Accounts; Memcached; Node.js; Subdomains; Customer Support; Bandwidth; Varnish; VPN Traffic; Assisted Website Migration; Weekly Backup; Join us

ModSecurity is a highly effective firewall for Apache web servers that's used to stop attacks against web applications. It monitors the HTTP traffic to a certain site in real time and blocks any intrusion attempts as soon as it discovers them. The firewall relies on a set of rules to do that - as an illustration, trying to log in to a script administration area unsuccessfully many times sets off one rule, sending a request to execute a specific file which may result in gaining access to the website triggers another rule, and so on. ModSecurity is among the best firewalls on the market and it will preserve even scripts that aren't updated regularly as it can prevent attackers from employing known exploits and security holes. Quite thorough info about each intrusion attempt is recorded and the logs the firewall maintains are much more specific than the standard logs generated by the Apache server, so you can later take a look at them and decide if you need to take extra measures in order to increase the safety of your script-driven websites.

ModSecurity in Web Hosting

We offer ModSecurity with all web hosting solutions, so your Internet apps will be shielded from destructive attacks. The firewall is activated as standard for all domains and subdomains, but in case you'd like, you'll be able to stop it via the respective part of your Hepsia CP. You can also activate a detection mode, so ModSecurity shall keep a log as intended, but shall not take any action. The logs which you shall discover inside Hepsia are very detailed and offer data about the nature of any attack, when it happened and from what IP, the firewall rule which was triggered, and so forth. We employ a set of commercial rules that are frequently updated, but sometimes our administrators include custom rules as well so as to efficiently protect the websites hosted on our machines.

ModSecurity in Dedicated Servers Hosting

ModSecurity is available as standard with all dedicated servers that are set up with the Hepsia CP and is set to “Active” automatically for any domain that you host or subdomain you create on the server. In case that a web app does not work properly, you may either disable the firewall or set it to work in passive mode. The latter means that ModSecurity will maintain a log of any possible attack which might happen, but won't take any action to prevent it. The logs produced in active or passive mode will provide you with additional details about the exact file which was attacked, the type of the attack and the IP it originated from, and so forth. This data shall enable you to determine what steps you can take to enhance the safety of your websites, including blocking IPs or performing script and plugin updates. The ModSecurity rules which we employ are updated frequently with a commercial pack from a third-party security firm we work with, but occasionally our staff add their own rules as well when they identify a new potential threat.