ModSecurity

: Hosting Definitions; Disk Space; Hepsia Control Panel; Domains Hosted; InnoDB; Integrated Ticketing System; Email Accounts; Memcached; Node.js; Subdomains; Help Desk; Data Traffic; Varnish; VPN Traffic; Assisted Website Migration; Weekly Backup; Get Started

ModSecurity is a powerful firewall for Apache web servers which is used to stop attacks against web apps. It tracks the HTTP traffic to a given site in real time and blocks any intrusion attempts the moment it detects them. The firewall relies on a set of rules to do that - for example, attempting to log in to a script admin area without success many times triggers one rule, sending a request to execute a certain file that could result in accessing the website triggers a different rule, etc. ModSecurity is one of the best firewalls available on the market and it'll protect even scripts which are not updated frequently since it can prevent attackers from using known exploits and security holes. Very detailed information about every single intrusion attempt is recorded and the logs the firewall keeps are considerably more detailed than the conventional logs provided by the Apache server, so you could later take a look at them and decide whether you need to take extra measures so as to improve the protection of your script-driven sites.

ModSecurity in Website Hosting

ModSecurity comes standard with all website hosting plans that we supply and it'll be turned on automatically for any domain or subdomain that you add/create in your Hepsia hosting CP. The firewall has 3 different modes, so you can switch on and deactivate it with simply a click or set it to detection mode, so it'll maintain a log of all attacks, but it'll not do anything to stop them. The log for each of your Internet sites will contain in-depth info which includes the nature of the attack, where it came from, what action was taken by ModSecurity, etc. The firewall rules which we use are constantly updated and consist of both commercial ones which we get from a third-party security company and custom ones our system admins include in case that they detect a new kind of attacks. In this way, the sites that you host here will be much more secure with no action expected on your end.

ModSecurity in Semi-dedicated Servers

All semi-dedicated server plans that we offer include ModSecurity and because the firewall is turned on by default, any site which you create under a domain or a subdomain shall be secured straight away. An individual section within the Hepsia CP that comes with the semi-dedicated accounts is devoted to ModSecurity and it shall permit you to start and stop the firewall for any website or switch on a detection mode. With the last mentioned, ModSecurity won't take any action, but it shall still identify possible attacks and shall keep all information inside a log as if it were fully active. The logs could be found within the very same section of the Control Panel and they include info about the IP where an attack came from, what its nature was, what rule ModSecurity applies to identify and stop it, etcetera. The security rules we employ on our machines are a mix between commercial ones from a security firm and custom ones developed by our system admins. Consequently, we provide greater security for your web apps as we can defend them from attacks even before security companies release updates for brand new threats.

ModSecurity in VPS Servers

ModSecurity is pre-installed on all VPS servers that are offered with the Hepsia hosting Control Panel, so your web applications shall be protected from the instant your server is in a position. The firewall is turned on by default for any domain or subdomain on the Virtual Private Server, but if needed, you'll be able to disable it with a mouse click through the corresponding section of Hepsia. You may also set it to operate in detection mode, so it'll maintain a comprehensive log of any potential attacks without taking any action to stop them. The logs are available in the exact same section and provide information regarding the nature of the attack, what IP it came from and what ModSecurity rule was initiated to stop it. For best security, we use not just commercial rules from a firm operating in the field of web security, but also custom ones which our administrators add manually so as to respond to new threats which are still not addressed in the commercial rules.

ModSecurity in Dedicated Servers

ModSecurity is provided by default with all dedicated servers which are set up with the Hepsia Control Panel and is set to “Active” automatically for any domain you host or subdomain that you create on the web server. In the event that a web app does not work properly, you may either disable the firewall or set it to operate in passive mode. The latter means that ModSecurity shall keep a log of any potential attack that may occur, but will not take any action to prevent it. The logs created in passive or active mode shall give you additional details about the exact file that was attacked, the nature of the attack and the IP address it came from, etcetera. This info will allow you to choose what measures you can take to improve the safety of your Internet sites, for instance blocking IPs or performing script and plugin updates. The ModSecurity rules that we use are updated regularly with a commercial bundle from a third-party security company we work with, but sometimes our admins include their own rules as well in case they find a new potential threat.