ModSecurity

: Hosting Glossary; AAAA Records; Access Log Manager; Additional RAM; Administration Services; Advanced Tools; Email Aliases; Antivirus Protection; APC; Free Web Apps; Auto-reply Emails; Browsable Daily Backups; Catch-all Emails; CentOS; Live Chat Support; ClientExec Billing And Support Software; Genuine Cloud Architecture; CNAME Records; Hosting Control Panel; Hardware; CPanel Control Panel; CPU Share; Cron Jobs; Custom Error Pages; MX And A Records; Daily Data Back-up; Data Centers; Data Compression; Debian; Dedicated IP; Server Network Hardware; DirectAdmin Control Panel; Disk Space; Domain Backorders; DomainKeys Identified Mail; Domain Manager; Parked Domain Names; Domain Registration Transfer; Dreamweaver Compatible; Dropbox Backups; Email Forwarding; Email Manager; Enom Domain Name Reseller Account; EPP Transfer Protection; Error Log Viewer; Extensive Online Documentation; Extra Dedicated IPs; File Manager; FTP Accounts; FTP Manager; Full DNS Management; Full WHOIS Management; Guaranteed RAM; Hepsia Control Panel; Domain Names Hosted; Hotlink Protection; Htaccess Generator; WHOIS Privacy Protection; Imagemagick And GD Library; InnoDB; Installation And Troubleshooting; Instant Account Activation; Integrated Ticketing System; IonCube; IP Blocking; JailHost; Email Accounts; Mailing Lists; Mailing List Members; Managed Services Package; Marketing Tools; Money Back Guarantee; Memcached; Microsoft FPE; ModSecurity; Monitoring And Rebooting; MySQL And Load Stats; 2.5 Gbit Network Connectivity; Data Corruption; Node.js; No Overselling; NS Records; One-Hour Response Guarantee; Perl Modules; Password Protected Directories; Perl Scripting; PostgreSQL Databases; PgSQL Database Storage; Phone Support; PHP 4 And PHP 5 Support; PhpMyAdmin; PhpPgAdmin; Python; RAID; Registrar Lock; Server Reselling Options; Serverside Includes; Shared SSL IP; SiteMap Generator; SMTP Server; Spam Filters; SPF Protection; MySQL Databases; MySQL Database Storage; SRV Records; Data Caching; SSL Certificate Generator; Stable Linux With Apache; Subdomains; Help Desk; Bandwidth; TXT Records; Ubuntu; UPS And Diesel Back-up Generator; Service Uptime Guarantee; URL Redirection; Varnish; VPN Traffic; Multiple Control Panels; Setup Fees; Multiple OS; Full Root-level Access; SSH Telnet; Web Accelerators; Online Website Builder; Web And FTP Statistics; Web Installer; Webmail; Assisted Website Migration; Website Manager; Free Site Themes; Weekly Backup; Weekly OS Update; Zend Optimizer; ZFS Mails And MySQL; Order Now

ModSecurity is a potent web app layer firewall for Apache web servers. It monitors the entire HTTP traffic to a website without affecting its performance and when it detects an intrusion attempt, it prevents it. The firewall also keeps a more thorough log for the traffic than any web server does, so you will be able to keep track of what is going on with your sites much better than if you rely simply on conventional logs. ModSecurity uses security rules based on which it stops attacks. For instance, it recognizes whether someone is attempting to log in to the admin area of a certain script a number of times or if a request is sent to execute a file with a specific command. In such circumstances these attempts set off the corresponding rules and the firewall blocks the attempts instantly, then records comprehensive details about them in its logs. ModSecurity is among the best software firewalls out there and it could easily protect your web applications against many threats and vulnerabilities, especially if you don’t update them or their plugins regularly.

ModSecurity in Web Hosting

ModSecurity is provided with all web hosting machines, so if you choose to host your sites with our firm, they will be protected against an array of attacks. The firewall is enabled as standard for all domains and subdomains, so there'll be nothing you shall have to do on your end. You will be able to stop ModSecurity for any Internet site if needed, or to switch on a detection mode, so that all activity shall be recorded, but the firewall shall not take any real action. You will be able to view specific logs through your Hepsia Control Panel including the IP where the attack originated from, what the attacker planned to do and how ModSecurity addressed the threat. Since we take the security of our clients' websites seriously, we employ a group of commercial rules which we get from one of the best firms that maintain this sort of rules. Our administrators also add custom rules to ensure that your Internet sites shall be protected against as many threats as possible.

ModSecurity in Semi-dedicated Servers

All semi-dedicated server packages that we offer feature ModSecurity and given that the firewall is enabled by default, any Internet site you create under a domain or a subdomain will be protected immediately. A separate section inside the Hepsia CP which comes with the semi-dedicated accounts is devoted to ModSecurity and it'll enable you to start and stop the firewall for any website or enable a detection mode. With the last option, ModSecurity will not take any action, but it will still detect possible attacks and will keep all information in a log as if it were completely active. The logs could be found in the same section of the Control Panel and they offer information about the IP where an attack came from, what its nature was, what rule ModSecurity applies to detect and stop it, and so forth. The security rules that we use on our web servers are a mix of commercial ones from a security company and custom ones developed by our system admins. Consequently, we provide increased security for your web programs as we can protect them from attacks even before security businesses release updates for new threats.

ModSecurity in VPS Servers

Security is essential to us, so we install ModSecurity on all VPS servers which are set up with the Hepsia Control Panel as a standard. The firewall can be managed via a dedicated section in Hepsia and is activated automatically when you include a new domain or generate a subdomain, so you won't need to do anything manually. You will also be able to deactivate it or turn on the so-called detection mode, so it will keep a log of possible attacks you can later study, but won't block them. The logs in both passive and active modes contain information about the kind of the attack and how it was eliminated, what IP address it came from and other useful data that could help you to tighten the security of your sites by updating them or blocking IPs, as an example. In addition to the commercial rules that we get for ModSecurity from a third-party security company, we also implement our own rules because every now and then we find specific attacks which are not yet present within the commercial group. This way, we can easily increase the protection of your Virtual private server instantly rather than awaiting a certified update.

ModSecurity in Dedicated Servers

ModSecurity is included with all dedicated servers that are set up with our Hepsia Control Panel and you will not need to do anything specific on your end to use it because it is enabled by default every time you add a new domain or subdomain on your server. In the event that it interferes with some of your applications, you will be able to stop it via the respective area of Hepsia, or you can leave it operating in passive mode, so it shall identify attacks and will still maintain a log for them, but shall not prevent them. You could examine the logs later to learn what you can do to improve the safety of your sites since you'll find information such as where an intrusion attempt came from, what site was attacked and in accordance with what rule ModSecurity responded, etcetera. The rules which we use are commercial, hence they are frequently updated by a security company, but to be on the safe side, our staff also add custom rules from time to time as to react to any new threats they have found.