ModSecurity

: Terminology; AAAA Records; Access Log Manager; Additional RAM; Administration Services; Advanced Tools; Email Aliases; Antivirus Protection; APC; App Installer; Auto-reply Emails; Browsable Daily Backups; Catch-all Emails; CentOS; Live Chat Support; ClientExec Billing And Support Software; Genuine Cloud Architecture; CNAME Records; Control Panel; Hardware; CPanel Control Panel; CPU Share; Cron Jobs; Custom Error Pages; MX And A Records; Daily Data Back-up; Data Centers; Data Compression; Debian; Dedicated IP Address; Server Network Hardware; DirectAdmin Control Panel; Disk Space; Domain Backorders; DomainKeys Identified Mail; Domain Manager; Parked Domains; Domain Registration Transfer; Dreamweaver Compatibility; Dropbox Backups; Email Forwarding; Email Manager; Enom Domain Name Reseller Account; EPP Transfer Protection; Error Log Viewer; Extensive Online Documentation; Extra Dedicated IPs; File Manager; FTP Accounts; FTP Manager; Full DNS Management; Full WHOIS Management; Guaranteed RAM; Hepsia Control Panel; Domains Hosted; Hotlink Protection; Htaccess Generator; WHOIS Privacy Protection; Imagemagick And GD Library; InnoDB; Installation And Troubleshooting; Integrated Ticketing System; IonCube; IP Blocking; JailHost; Email Accounts; Mailing Lists; Mailing List Members; Managed Services Package; Marketing Tools; Money Back Guarantee; Memcached; Microsoft Frontpage Extensions; ModSecurity; Monitoring And Rebooting; MySQL And Load Stats; 2.5 Gbit Network Connectivity; Data Corruption; Node.js; No Overselling; NS Records; One-Hour Response Guarantee; Perl Modules; Password Protected Directories; Perl Scripting; PgSQL Databases; PgSQL Database Storage; Phone Support; PHP 4 PHP 5 And PHP 7 Support; PhpMyAdmin; PhpPgAdmin; Python; RAID; Registrar Lock; Server Reselling Options; SSI; Shared SSL IP; SiteMap Generator; SMTP Server; Spam Filters; SPF Protection; MySQL Databases; MySQL Database Storage; SRV Records; Data Caching; SSL Certificate Generator; Stable Linux With Apache; Subdomains; Help Desk; Bandwidth; TXT Records; Ubuntu; UPS And Diesel Back-up Generator; Service Uptime; URL Redirection; Varnish; VPN Traffic; Multiple Control Panels; Setup Fees; Multiple OS; Full Root-level Access; SSH Telnet; Web Accelerators; Online Website Builder; Web And FTP Statistics; Web Installer; Webmail; Assisted Website Migration; Website Manager; Free Site Templates; Weekly Backup; Weekly OS Update; Zend Optimizer; ZFS Mails And MySQL; Order

ModSecurity is a plugin for Apache web servers that functions as a web application layer firewall. It is used to stop attacks toward script-driven sites by employing security rules which contain specific expressions. This way, the firewall can prevent hacking and spamming attempts and shield even websites that aren't updated on a regular basis. For example, a number of failed login attempts to a script admin area or attempts to execute a specific file with the intention to get access to the script shall trigger particular rules, so ModSecurity shall block these activities the instant it discovers them. The firewall is quite efficient because it screens the entire HTTP traffic to a website in real time without slowing it down, so it could stop an attack before any harm is done. It also maintains a very thorough log of all attack attempts which contains more information than standard Apache logs, so you can later analyze the data and take additional measures to improve the security of your Internet sites if necessary.

ModSecurity in Cloud Website Hosting

We offer ModSecurity with all cloud website hosting plans, so your web apps shall be shielded from destructive attacks. The firewall is switched on as standard for all domains and subdomains, but if you would like, you will be able to stop it using the respective part of your Hepsia CP. You can also activate a detection mode, so ModSecurity will keep a log as intended, but shall not take any action. The logs that you will find in Hepsia are incredibly detailed and offer data about the nature of any attack, when it took place and from what IP address, the firewall rule that was triggered, and so on. We employ a group of commercial rules that are often updated, but sometimes our administrators add custom rules as well so as to better protect the Internet sites hosted on our machines.

ModSecurity in Semi-dedicated Servers

ModSecurity is part of our semi-dedicated server solutions and if you opt to host your Internet sites with us, there shall not be anything special you'll need to do given that the firewall is activated by default for all domains and subdomains you add through your hosting CP. If required, you could disable ModSecurity for a particular Internet site or turn on the so-called detection mode in which case the firewall shall still function and record data, but will not do anything to prevent potential attacks against your sites. Detailed logs will be accessible within your Control Panel and you'll be able to see which kind of attacks happened, what security rules were triggered and how the firewall addressed the threats, what Internet protocol addresses the attacks came from, etc. We employ two sorts of rules on our servers - commercial ones from a business that operates in the field of web security, and custom ones that our admins often add to respond to newly discovered threats promptly.

ModSecurity in VPS Servers

ModSecurity is pre-installed on all VPS servers which are provided with the Hepsia hosting CP, so your web programs shall be secured from the moment your server is ready. The firewall is activated by default for any domain or subdomain on the VPS, but if necessary, you can disable it with a mouse click through the corresponding section of Hepsia. You can also set it to operate in detection mode, so it will maintain a detailed log of any potential attacks without taking any action to prevent them. The logs are available within the very same section and include information about the nature of the attack, what IP address it originated from and what ModSecurity rule was initiated to stop it. For maximum security, we employ not just commercial rules from a company working in the field of web security, but also custom ones our admins add manually so as to respond to new risks that are still not addressed in the commercial rules.

ModSecurity in Dedicated Servers

All our dedicated servers which are installed with the Hepsia hosting CP include ModSecurity, so any application you upload or install will be protected from the very beginning and you won't need to concern yourself with common attacks or vulnerabilities. An individual section inside Hepsia will enable you to start or stop the firewall for every domain or subdomain, or turn on a detection mode so that it records details about intrusions, but does not take actions to prevent them. What you'll find in the logs can easily allow you to to secure your websites better - the IP an attack came from, what website was attacked as well as how, what ModSecurity rule was triggered, etcetera. With this data, you could see if a site needs an update, if you ought to block IPs from accessing your hosting server, etc. In addition to the third-party commercial security rules for ModSecurity which we use, our admins include custom ones as well whenever they find a new threat that is not yet included in the commercial bundle.