ModSecurity

: Hosting Glossary; Disk Space; Hepsia Control Panel; Domains Hosted; InnoDB; Integrated Ticketing System; Email Accounts; Memcached; Node.js; Subdomains; Support; Bandwidth; Varnish; VPN Traffic; Assisted Website Migration; Weekly Backup; Get Started

ModSecurity is a plugin for Apache web servers which acts as a web app layer firewall. It is employed to stop attacks against script-driven Internet sites by employing security rules that contain certain expressions. This way, the firewall can prevent hacking and spamming attempts and preserve even websites which are not updated often. As an example, multiple unsuccessful login attempts to a script administrative area or attempts to execute a particular file with the purpose to get access to the script will trigger specific rules, so ModSecurity shall block these activities the instant it identifies them. The firewall is incredibly efficient because it tracks the entire HTTP traffic to an Internet site in real time without slowing it down, so it can easily stop an attack before any harm is done. It also keeps a very thorough log of all attack attempts which includes more information than traditional Apache logs, so you could later examine the data and take further measures to improve the security of your websites if necessary.

ModSecurity in Cloud Hosting

ModSecurity can be found with each cloud hosting solution that we offer and it is turned on by default for any domain or subdomain which you include via your Hepsia CP. In the event that it disrupts any of your programs or you would like to disable it for whatever reason, you shall be able to do that through the ModSecurity area of Hepsia with merely a click. You could also use a passive mode, so the firewall will discover potential attacks and maintain a log, but shall not take any action. You can view comprehensive logs in the same section, including the IP address where the attack originated from, what exactly the attacker attempted to do and at what time, what ModSecurity did, and so forth. For max safety of our customers we use a set of commercial firewall rules mixed with custom ones which are included by our system administrators.

ModSecurity in Semi-dedicated Hosting

Any web app which you set up within your new semi-dedicated hosting account will be protected by ModSecurity as the firewall comes with all our hosting packages and is switched on by default for any domain and subdomain that you add or create via your Hepsia hosting Control Panel. You'll be able to manage ModSecurity via a dedicated section inside Hepsia where not only could you activate or deactivate it fully, but you could also switch on a passive mode, so the firewall will not stop anything, but it shall still keep an archive of possible attacks. This normally requires simply a click and you shall be able to see the logs no matter if ModSecurity is in passive or active mode through the same section - what the attack was and where it originated from, how it was handled, and so on. The firewall uses two sets of rules on our servers - a commercial one that we get from a third-party web security provider and a custom one that our admins update personally as to respond to recently discovered threats as quickly as possible.

ModSecurity in VPS Web Hosting

Safety is essential to us, so we set up ModSecurity on all virtual private servers that are made available with the Hepsia CP by default. The firewall could be managed through a dedicated section inside Hepsia and is activated automatically when you include a new domain or generate a subdomain, so you will not have to do anything manually. You'll also be able to deactivate it or turn on the so-called detection mode, so it will maintain a log of potential attacks that you can later analyze, but will not block them. The logs in both passive and active modes contain information regarding the form of the attack and how it was prevented, what IP it came from and other useful data that may help you to tighten the security of your Internet sites by updating them or blocking IPs, for instance. Besides the commercial rules we get for ModSecurity from a third-party security company, we also implement our own rules since once in a while we find specific attacks that aren't yet present within the commercial package. This way, we could improve the security of your VPS promptly as opposed to awaiting an official update.

ModSecurity in Dedicated Servers Hosting

ModSecurity is available as standard with all dedicated servers which are set up with the Hepsia CP and is set to “Active” automatically for any domain you host or subdomain you create on the web server. Just in case that a web app does not operate properly, you can either disable the firewall or set it to function in passive mode. The second means that ModSecurity shall keep a log of any possible attack that might take place, but will not take any action to prevent it. The logs generated in passive or active mode shall present you with more details about the exact file that was attacked, the type of the attack and the IP address it came from, and so on. This info shall enable you to choose what actions you can take to increase the safety of your websites, including blocking IPs or carrying out script and plugin updates. The ModSecurity rules that we use are updated often with a commercial pack from a third-party security firm we work with, but from time to time our administrators include their own rules also if they discover a new potential threat.