ModSecurity

: Glossary; Disk Space; Hepsia Control Panel; Domain Names Hosted; InnoDB; Integrated Ticketing System; Email Accounts; Memcached; Node.js; Subdomains; Customer Support; Monthly Traffic; Varnish; VPN Traffic; Assisted Website Migration; Weekly Backup; Order

ModSecurity is an effective firewall for Apache web servers which is employed to stop attacks against web applications. It keeps track of the HTTP traffic to a specific website in real time and blocks any intrusion attempts the moment it identifies them. The firewall relies on a set of rules to do that - for example, attempting to log in to a script administration area without success a few times sets off one rule, sending a request to execute a particular file which may result in getting access to the site triggers a different rule, and so forth. ModSecurity is one of the best firewalls out there and it'll preserve even scripts that are not updated on a regular basis because it can prevent attackers from employing known exploits and security holes. Very comprehensive info about each and every intrusion attempt is recorded and the logs the firewall maintains are considerably more specific than the regular logs provided by the Apache server, so you could later analyze them and decide whether you need to take extra measures in order to increase the protection of your script-driven websites.

: ModSecurity in Shared Web Hosting

ModSecurity is offered with each shared web hosting solution that we provide and it's turned on by default for any domain or subdomain which you add through your Hepsia Control Panel. If it interferes with any of your programs or you'd like to disable it for whatever reason, you'll be able to achieve that through the ModSecurity area of Hepsia with only a click. You can also use a passive mode, so the firewall will detect possible attacks and keep a log, but will not take any action. You'll be able to view comprehensive logs in the same section, including the IP address where the attack originated from, what precisely the attacker tried to do and at what time, what ModSecurity did, etc. For max protection of our clients we use a group of commercial firewall rules blended with custom ones that are provided by our system administrators.; ModSecurity in Semi-dedicated Hosting

Any web application that you set up in your new semi-dedicated hosting account will be protected by ModSecurity because the firewall comes with all our hosting packages and is activated by default for any domain and subdomain which you add or create using your Hepsia hosting CP. You shall be able to manage ModSecurity through a dedicated section within Hepsia where not only could you activate or deactivate it fully, but you may also enable a passive mode, so the firewall will not stop anything, but it shall still maintain an archive of potential attacks. This takes just a mouse click and you will be able to view the logs no matter if ModSecurity is in passive or active mode through the same section - what the attack was and where it originated from, how it was addressed, and so on. The firewall employs two sets of rules on our web servers - a commercial one which we get from a third-party web security firm and a custom one that our administrators update personally as to respond to newly discovered threats immediately.; ModSecurity in VPS Hosting

All virtual private servers that are provided with the Hepsia Control Panel include ModSecurity. The firewall is set up and turned on by default for all domains that are hosted on the machine, so there shall not be anything special that you shall have to do to protect your Internet sites. It shall take you simply a click to stop ModSecurity if necessary or to activate its passive mode so that it records what occurs without taking any actions to prevent intrusions. You'll be able to see the logs generated in passive or active mode from the corresponding section of Hepsia and learn more about the form of the attack, where it came from, what rule the firewall employed to handle it, and so on. We use a combination of commercial and custom rules in order to make sure that ModSecurity will block out as many risks as possible, hence improving the protection of your web programs as much as possible.; ModSecurity in Dedicated Web Hosting

ModSecurity comes with all dedicated servers which are integrated with our Hepsia CP and you'll not need to do anything specific on your end to use it since it's enabled by default each time you add a new domain or subdomain on your web server. In the event that it disrupts any of your programs, you'll be able to stop it via the respective section of Hepsia, or you could leave it in passive mode, so it'll identify attacks and shall still maintain a log for them, but will not block them. You can analyze the logs later to determine what you can do to improve the safety of your websites as you will find information such as where an intrusion attempt came from, what Internet site was attacked and based on what rule ModSecurity reacted, and so forth. The rules which we employ are commercial, hence they're constantly updated by a security provider, but to be on the safe side, our staff also add custom rules every now and then in order to react to any new threats they have found.