ModSecurity

: Hosting Terminology; AAAA Records; Access Log Manager; Additional RAM; Administration Services; Advanced Tools; Email Aliases; Antivirus Protection; APC; Free Web Apps; Auto-reply Emails; Browsable Daily Backups; Catch-all Emails; CentOS; Live Chat Support; ClientExec Billing And Support Software; Genuine Cloud Architecture; CNAME Records; Web Hosting Control Panel; Hardware; CPanel Control Panel; CPU Share; Cron Jobs; Custom Error Pages; MX And A Records; Daily Data Back-up; Data Centers; Data Compression; Debian; Dedicated IP Address; Server Network Hardware; DirectAdmin Control Panel; Disk Space; Domain Backorders; DomainKeys Identified Mail; Domain Manager; Parked Domains; Domain Registration Transfer; Dreamweaver Compatibility; Dropbox Backups; Email Forwarding; Email Manager; Enom Domain Name Reseller Account; EPP Transfer Protection; Error Log Viewer; Extensive Online Documentation; Extra Dedicated IPs; File Manager; FTP Accounts; FTP Manager; Full DNS Management; WHOIS Management; Guaranteed RAM; Hepsia Control Panel; Domains Hosted; Hotlinking Protection; Htaccess Generator; ID Protect; Imagemagick And GD Library; InnoDB; Installation And Troubleshooting; Instant Account Activation; Integrated Ticketing System; IonCube; IP Blocking; JailHost; Email Accounts; Mailing Lists; Mailing List Members; Managed Services Package; Marketing Tools; Money Back Guarantee; Memcached; Microsoft FPE; ModSecurity; Monitoring And Rebooting; MySQL And Load Stats; 2.5 Gbit Network Connectivity; Data Corruption; Node.js; No Overselling; NS Records; One-Hour Response Guarantee; Perl Modules; Password Protected Directories; Perl Scripting; PgSQL Databases; PostgreSQL Database Storage; Phone Support; PHP 4 And PHP 5 Support; PhpMyAdmin; PhpPgAdmin; Python; RAID; Registrar Lock; Server Reselling Options; Server Side Includes; Shared SSL IP; SiteMap Generator; SMTP Server; Spam Filters; SPF Protection; MySQL Databases; MySQL Database Storage; SRV Records; Data Caching; SSL Certificate Generator; Stable Linux With Apache; Subdomains; Customer Support; Data Traffic; TXT Records; Ubuntu; UPS And Diesel Back-up Generator; Service Uptime; URL Redirection; Varnish; VPN Traffic; Multiple Control Panels; Setup Fee; Multiple OS; Full Root-level Access; SSH Telnet; Web Accelerators; Online Website Builder; Web And FTP Statistics; Web Installer; Webmail; Assisted Website Migration; Website Manager; Free Site Themes; Weekly Backup; Weekly OS Update; Zend Optimizer; ZFS Mails And MySQL; Order

ModSecurity is a powerful web app layer firewall for Apache web servers. It monitors the entire HTTP traffic to a website without affecting its performance and if it identifies an intrusion attempt, it prevents it. The firewall also maintains a more detailed log for the traffic than any server does, so you will be able to keep track of what is happening with your websites a lot better than if you rely merely on conventional logs. ModSecurity uses security rules based on which it stops attacks. For example, it detects if someone is trying to log in to the administrator area of a specific script several times or if a request is sent to execute a file with a certain command. In such cases these attempts set off the corresponding rules and the firewall software blocks the attempts right away, and then records detailed info about them inside its logs. ModSecurity is amongst the most effective software firewalls out there and it could easily protect your web applications against thousands of threats and vulnerabilities, especially if you don’t update them or their plugins often.

ModSecurity in Cloud Website Hosting

ModSecurity is available on all cloud website hosting web servers, so if you choose to host your sites with our firm, they will be protected against a wide array of attacks. The firewall is turned on by default for all domains and subdomains, so there shall be nothing you will need to do on your end. You shall be able to stop ModSecurity for any website if required, or to enable a detection mode, so all activity will be recorded, but the firewall won't take any real action. You'll be able to view detailed logs via your Hepsia CP including the IP where the attack came from, what the attacker wished to do and how ModSecurity handled the threat. Since we take the security of our clients' Internet sites very seriously, we use a collection of commercial rules which we get from one of the leading companies that maintain this sort of rules. Our admins also include custom rules to make certain that your sites will be shielded from as many threats as possible.

ModSecurity in Semi-dedicated Servers

ModSecurity is part of our semi-dedicated server packages and if you decide to host your websites with us, there shall not be anything special you'll need to do as the firewall is activated by default for all domains and subdomains you add through your hosting Control Panel. If needed, you could disable ModSecurity for a certain website or switch on the so-called detection mode in which case the firewall will still operate and record information, but shall not do anything to prevent possible attacks on your sites. In depth logs shall be available in your Control Panel and you shall be able to see what type of attacks took place, what security rules were triggered and how the firewall handled the threats, what IP addresses the attacks came from, etc. We use two kinds of rules on our servers - commercial ones from a company which operates in the field of web security, and custom ones that our administrators occasionally add to respond to newly discovered threats promptly.

ModSecurity in VPS Servers

All VPS servers which are offered with the Hepsia CP come with ModSecurity. The firewall is set up and turned on by default for all domains that are hosted on the server, so there won't be anything special which you'll need to do to protect your Internet sites. It will take you just a mouse click to stop ModSecurity if necessary or to turn on its passive mode so that it records what happens without taking any actions to stop intrusions. You'll be able to look at the logs produced in active or passive mode via the corresponding section of Hepsia and learn more about the form of the attack, where it originated from, what rule the firewall employed to deal with it, and so forth. We use a mixture of commercial and custom rules so as to make sure that ModSecurity shall block as many threats as possible, therefore enhancing the security of your web applications as much as possible.

ModSecurity in Dedicated Servers

All of our dedicated servers which are set up with the Hepsia hosting Control Panel come with ModSecurity, so any application which you upload or install will be secured from the very beginning and you will not have to stress about common attacks or vulnerabilities. An individual section inside Hepsia will enable you to start or stop the firewall for any domain or subdomain, or activate a detection mode so that it records info about intrusions, but does not take actions to stop them. What you shall see in the logs shall help you to secure your sites better - the IP an attack originated from, what site was attacked and in what way, what ModSecurity rule was triggered, and so forth. With this data, you could see if an Internet site needs an update, whether you ought to block IPs from accessing your web server, and so forth. In addition to the third-party commercial security rules for ModSecurity that we use, our administrators add custom ones as well whenever they discover a new threat that is not yet included in the commercial bundle.