ModSecurity

: Hosting Terminology; AAAA Records; Access Log Manager; Additional RAM; Administration Services; Advanced Tools; Email Aliases; Antivirus Protection; APC; App Installer; Auto-responder Emails; Browsable Daily Backups; Catch-all Emails; CentOS; Live Chat Support; ClientExec Billing And Support Software; Genuine Cloud Architecture; CNAME Records; Control Panel; Hardware; CPanel Control Panel; CPU Share; Cron Jobs; Custom Error Pages; MX And A Records; Daily Data Back-up; Data Centers; Data Compression; Debian; Dedicated IP Address; Server Network Hardware; DirectAdmin Control Panel; Disk Space; Domain Backorders; DomainKeys Identified Mail; Domain Manager; Parked Domain Names; Domain Registration Transfer; Dreamweaver Compatibility; Dropbox Backups; Email Forwarding; Email Manager; Enom Domain Name Reseller Account; EPP Transfer Protection; Error Log Viewer; Extensive Online Documentation; Extra Dedicated IPs; File Manager; FTP Accounts; FTP Manager; Full DNS Management; Full WHOIS Management; Guaranteed RAM; Hepsia Control Panel; Hosted Domain Names; Hotlink Protection; Htaccess Generator; Domain Privacy Protection; Imagemagick And GD Library; InnoDB; Installation And Troubleshooting; Instant Account Activation; Integrated Ticketing System; IonCube; IP Blocking; JailHost; Email Accounts; Mailing Lists; Mailing List Members; Managed Services Package; Marketing Tools; Money Back Guarantee; Memcached; Microsoft FPE; ModSecurity; Monitoring And Rebooting; MySQL And Load Stats; 2.5 Gbit Network Connectivity; Data Corruption; Node.js; No Overselling; NS Records; One-Hour Response Guarantee; Perl Modules; Password Protected Directories; Perl Scripting; PostgreSQL Databases; PostgreSQL Database Storage; Phone Support; PHP 4 And PHP 5 Support; PhpMyAdmin; PhpPgAdmin; Python; RAID; Registrar Lock; Server Reselling Options; Serverside Includes; Shared SSL IP; SiteMap Generator; SMTP Server; Spam Filters; SPF Protection; MySQL Databases; MySQL Database Storage; SRV Records; Data Caching; SSL Certificate Generator; Stable Linux With Apache; Subdomains; Support; Monthly Traffic; TXT Records; Ubuntu; UPS And Diesel Back-up Generator; Hosting Service Uptime; URL Redirector; Varnish; VPN Traffic; Multiple Control Panels; Setup Fees; Multiple OS; Full Root-level Access; SSH Telnet; Web Accelerators; Online Website Builder; Web And FTP Statistics; Web Installer; Webmail; Assisted Website Migration; Website Manager; Free Website Templates; Weekly Backup; Weekly OS Update; Zend Optimizer; ZFS Mails And MySQL; Purchase

ModSecurity is an effective firewall for Apache web servers which is used to prevent attacks toward web apps. It monitors the HTTP traffic to a certain website in real time and stops any intrusion attempts as soon as it discovers them. The firewall uses a set of rules to accomplish that - for instance, trying to log in to a script administrator area unsuccessfully a few times triggers one rule, sending a request to execute a certain file that could result in gaining access to the website triggers a different rule, and so on. ModSecurity is one of the best firewalls on the market and it will protect even scripts which are not updated regularly since it can prevent attackers from employing known exploits and security holes. Incredibly detailed information about every intrusion attempt is recorded and the logs the firewall maintains are far more comprehensive than the conventional logs generated by the Apache server, so you could later analyze them and decide whether you need to take more measures in order to boost the safety of your script-driven sites.

ModSecurity in Shared Web Hosting

ModSecurity is offered with each shared web hosting package which we offer and it's turned on by default for every domain or subdomain that you add via your Hepsia CP. In the event that it interferes with any of your applications or you would like to disable it for some reason, you'll be able to do that through the ModSecurity area of Hepsia with only a mouse click. You could also activate a passive mode, so the firewall will identify potential attacks and keep a log, but won't take any action. You'll be able to view comprehensive logs in the same section, including the IP address where the attack originated from, what precisely the attacker attempted to do and at what time, what ModSecurity did, etcetera. For maximum protection of our customers we use a collection of commercial firewall rules blended with custom ones that are provided by our system admins.

ModSecurity in Semi-dedicated Hosting

ModSecurity is a part of our semi-dedicated hosting packages and if you decide to host your Internet sites with us, there shall not be anything special you will have to do given that the firewall is turned on by default for all domains and subdomains that you include through your hosting Control Panel. If required, you can disable ModSecurity for a certain Internet site or enable the so-called detection mode in which case the firewall shall still function and record data, but won't do anything to prevent possible attacks on your websites. Comprehensive logs shall be readily available in your CP and you'll be able to see what type of attacks took place, what security rules were triggered and how the firewall addressed the threats, what IP addresses the attacks originated from, etc. We employ 2 sorts of rules on our servers - commercial ones from a business which operates in the field of web security, and customized ones that our admins often include to respond to newly discovered risks promptly.

ModSecurity in VPS Web Hosting

ModSecurity is provided with all Hepsia-based virtual private servers which we offer and it'll be switched on automatically for any new domain or subdomain you add on the server. That way, any web application you install shall be secured from the very beginning without doing anything by hand on your end. The firewall may be managed from the section of the Control Panel that bears the same name. This is the location whereyou can switch off ModSecurity or let its passive mode, so it won't take any action towards threats, but will still maintain a thorough log. The recorded info is available inside the same area as well and you'll be able to see what IPs any attacks originated from so that you stop them, what the nature of the attempted attacks was and based upon what security rules ModSecurity responded. The rules that we employ on our servers are a mixture between commercial ones which we get from a security firm and custom ones which are added by our admins to improve the protection of any web apps hosted on our end.

ModSecurity in Dedicated Servers Hosting

All our dedicated servers that are installed with the Hepsia hosting CP come with ModSecurity, so any app which you upload or set up will be properly secured from the very beginning and you will not have to worry about common attacks or vulnerabilities. An individual section inside Hepsia will enable you to start or stop the firewall for each domain or subdomain, or activate a detection mode so that it records details about intrusions, but doesn't take actions to stop them. What you shall find in the logs shall help you to secure your Internet sites better - the IP address an attack came from, what website was attacked and how, what ModSecurity rule was triggered, and so forth. With this information, you can see whether an Internet site needs an update, whether you need to block IPs from accessing your web server, etcetera. On top of the third-party commercial security rules for ModSecurity we use, our administrators add custom ones as well when they come across a new threat that is not yet included in the commercial bundle.