ModSecurity

: Hosting Definitions; AAAA Records; Access Log Manager; Additional RAM; Administration Services; Advanced Tools; Email Aliases; Antivirus Protection; APC; Web Applications; Auto-reply Emails; Browsable Daily Backups; Catch-all Emails; CentOS; Live Chat Support; ClientExec Billing And Support Software; Genuine Cloud Architecture; CNAME Records; Hosting Control Panel; Hardware; CPanel Control Panel; CPU Share; Cron Jobs; Custom Error Pages; MX And A Records; Daily Data Back-up; Data Centers; Data Compression; Debian; Dedicated IP; Server Network Hardware; DirectAdmin Control Panel; Disk Space; Domain Backorders; DomainKeys Identified Mail; Domain Manager; Parked Domain Names; Domain Registration Transfer; Dreamweaver Compatible; Dropbox Backups; Email Forwarding; Email Manager; Enom Domain Name Reseller Account; EPP Transfer Protection; Error Log Viewer; Extensive Online Documentation; Extra Dedicated IPs; File Manager; FTP Accounts; FTP Manager; Full DNS Management; WHOIS Management; Guaranteed RAM; Hepsia Control Panel; Domain Names Hosted; Hotlinking Protection; Htaccess Generator; WHOIS Shield; Imagemagick And GD Library; InnoDB; Installation And Troubleshooting; Instant Account Activation; Integrated Ticketing System; IonCube; IP Blocking; JailHost; Email Accounts; Mailing Lists; Mailing List Members; Managed Services Package; Marketing Tools; Money Back Guarantee; Memcached; Microsoft Frontpage Extensions; ModSecurity; Monitoring And Rebooting; MySQL And Load Stats; 2.5 Gbit Network Connectivity; Data Corruption; Node.js; No Overselling; NS Records; One-Hour Response Guarantee; Perl Modules; Password Protected Directories; Perl; PostgreSQL Databases; PgSQL Database Storage; Phone Support; PHP 4 And PHP 5 Support; PhpMyAdmin; PhpPgAdmin; Python; RAID; Registrar Lock; Server Reselling Options; Serverside Includes; Shared SSL IP; SiteMap Generator; SMTP Server; Spam Filters; SPF Protection; MySQL Databases; MySQL Database Storage; SRV Records; Data Caching; SSL Certificate Generator; Stable Linux With Apache; Subdomains; Help Desk; Bandwidth; TXT Records; Ubuntu; UPS And Diesel Back-up Generator; Service Uptime; URL Redirector; Varnish; VPN Traffic; Multiple Control Panels; Set-up Fee; Multiple OS; Full Root-level Access; SSH Telnet; Web Accelerators; Online Site Builder; Web And FTP Statistics; Web Installer; Webmail; Assisted Website Migration; Website Manager; Free Site Themes; Weekly Backup; Weekly OS Update; Zend Optimizer; ZFS Mails And MySQL; Order

ModSecurity is an efficient firewall for Apache web servers that is employed to stop attacks toward web applications. It monitors the HTTP traffic to a specific website in real time and prevents any intrusion attempts the instant it discovers them. The firewall relies on a set of rules to do that - for instance, attempting to log in to a script administration area without success many times activates one rule, sending a request to execute a certain file that could result in getting access to the Internet site triggers another rule, and so forth. ModSecurity is one of the best firewalls on the market and it'll preserve even scripts which are not updated regularly because it can prevent attackers from using known exploits and security holes. Very comprehensive data about each and every intrusion attempt is recorded and the logs the firewall keeps are far more detailed than the conventional logs provided by the Apache server, so you can later take a look at them and decide if you need to take extra measures so as to increase the safety of your script-driven sites.

ModSecurity in Web Hosting

ModSecurity is available on all web hosting machines, so if you decide to host your sites with our organization, they shall be shielded from an array of attacks. The firewall is enabled by default for all domains and subdomains, so there shall be nothing you will have to do on your end. You will be able to stop ModSecurity for any Internet site if necessary, or to switch on a detection mode, so that all activity shall be recorded, but the firewall shall not take any real action. You shall be able to view comprehensive logs via your Hepsia Control Panel including the IP address where the attack came from, what the attacker planned to do and how ModSecurity handled the threat. Since we take the safety of our clients' websites very seriously, we use a collection of commercial rules which we take from one of the best companies which maintain this kind of rules. Our admins also include custom rules to make certain that your Internet sites will be protected against as many threats as possible.

ModSecurity in Semi-dedicated Servers

Any web program that you set up within your new semi-dedicated server account will be protected by ModSecurity because the firewall is included with all our hosting plans and is turned on by default for any domain and subdomain which you add or create via your Hepsia hosting CP. You'll be able to manage ModSecurity through a dedicated area inside Hepsia where not simply can you activate or deactivate it completely, but you could also activate a passive mode, so the firewall will not block anything, but it shall still maintain an archive of potential attacks. This normally requires just a mouse click and you will be able to see the logs no matter if ModSecurity is in passive or active mode through the same section - what the attack was and where it came from, how it was addressed, and so forth. The firewall employs two groups of rules on our web servers - a commercial one that we get from a third-party web security firm and a custom one that our administrators update personally in order to respond to newly discovered threats as fast as possible.

ModSecurity in VPS Servers

ModSecurity is pre-installed on all VPS servers which are offered with the Hepsia hosting CP, so your web applications shall be protected from the second your server is in a position. The firewall is turned on by default for any domain or subdomain on the VPS, but if necessary, you'll be able to disable it with a click of your mouse via the corresponding section of Hepsia. You could also set it to function in detection mode, so it shall keep a detailed log of any possible attacks without taking any action to stop them. The logs can be found within the same section and include information regarding the nature of the attack, what IP it originated from and what ModSecurity rule was initiated to stop it. For maximum security, we use not just commercial rules from a business working in the field of web security, but also custom ones which our admins add manually so as to respond to new risks that are still not tackled in the commercial rules.

ModSecurity in Dedicated Servers

All our dedicated servers that are set up with the Hepsia hosting Control Panel come with ModSecurity, so any application that you upload or set up shall be protected from the very beginning and you will not have to worry about common attacks or vulnerabilities. A separate section within Hepsia will enable you to start or stop the firewall for each domain or subdomain, or activate a detection mode so that it records information about intrusions, but doesn't take actions to stop them. What you will see in the logs can easily allow you to to secure your websites better - the IP address an attack originated from, what site was attacked as well as how, what ModSecurity rule was triggered, and so forth. With this info, you'll be able to see if a site needs an update, whether you ought to block IPs from accessing your hosting server, etcetera. Aside from the third-party commercial security rules for ModSecurity we use, our admins include custom ones as well whenever they come across a new threat that is not yet a part of the commercial bundle.