ModSecurity

: Hosting Definitions; AAAA Records; Access Log Manager; Additional RAM; Administration Services; Advanced Tools; Email Aliases; Antivirus Protection; APC; App Installer; Auto-responder Emails; Browsable Daily Backups; Catch-all Emails; CentOS; Live Chat Support; ClientExec Billing And Support Software; Genuine Cloud Architecture; CNAME Records; Hosting Control Panel; Hardware; CPanel Control Panel; CPU Share; Cron Jobs; Custom Error Pages; MX And A Records; Daily Data Back-up; Data Centers; Data Compression; Debian; Dedicated IP; Server Network Hardware; DirectAdmin Control Panel; Disk Space; Domain Backorders; DomainKeys Identified Mail; Domain Manager; Parked Domains; Domain Registration Transfer; Dreamweaver Compatibility; Dropbox Backups; Email Forwarding; Email Manager; Enom Domain Name Reseller Account; EPP Transfer Protection; Error Log Viewer; Extensive Online Documentation; Extra Dedicated IPs; File Manager; FTP Accounts; FTP Manager; Full DNS Management; WHOIS Management; Guaranteed RAM; Hepsia Control Panel; Domains Hosted; Hotlink Protection; Htaccess Generator; WHOIS Privacy Protection; Imagemagick And GD Library; InnoDB; Installation And Troubleshooting; Instant Account Activation; Integrated Ticketing System; IonCube; IP Blocking; JailHost; Email Accounts; Mailing Lists; Mailing List Members; Managed Services Package; Marketing Tools; Money Back Guarantee; Memcached; Microsoft FPE; ModSecurity; Monitoring And Rebooting; MySQL And Load Stats; 2.5 Gbit Network Connectivity; Data Corruption; Node.js; No Overselling; NS Records; One-Hour Response Guarantee; Perl Modules; Password Protected Directories; Perl Scripting; PgSQL Databases; PostgreSQL Database Storage; Phone Support; PHP 4 And PHP 5 Support; PhpMyAdmin; PhpPgAdmin; Python; RAID; Registrar Lock; Server Reselling Options; SSI; Shared SSL IP; SiteMap Generator; SMTP Server; Spam Filters; SPF Protection; MySQL Databases; MySQL Database Storage; SRV Records; Data Caching; SSL Certificate Generator; Stable Linux With Apache; Subdomains; Help Desk; Monthly Traffic; TXT Records; Ubuntu; UPS And Diesel Back-up Generator; Hosting Server Uptime; URL Redirector; Varnish; VPN Traffic; Multiple Control Panels; Set-up Fee; Multiple OS; Full Root-level Access; SSH Telnet; Web Accelerators; Online Site Builder; Web And FTP Statistics; Web Installer; Webmail; Assisted Website Migration; Website Manager; Free Website Templates; Weekly Backup; Weekly OS Update; Zend Optimizer; ZFS Mails And MySQL; Purchase

ModSecurity is a potent web app layer firewall for Apache web servers. It monitors the whole HTTP traffic to an Internet site without affecting its operation and in case it discovers an intrusion attempt, it blocks it. The firewall also keeps a more comprehensive log for the traffic than any server does, so you will be able to keep an eye on what is going on with your websites a lot better than if you rely merely on standard logs. ModSecurity uses security rules based on which it stops attacks. For example, it recognizes whether someone is attempting to log in to the administration area of a given script several times or if a request is sent to execute a file with a certain command. In these cases these attempts set off the corresponding rules and the software blocks the attempts right away, and then records in-depth details about them within its logs. ModSecurity is among the best software firewalls available and it can protect your web apps against a large number of threats and vulnerabilities, particularly if you don’t update them or their plugins often.

ModSecurity in Web Hosting

ModSecurity can be found with each web hosting plan that we offer and it is activated by default for any domain or subdomain that you include via your Hepsia Control Panel. In case it disrupts any of your apps or you would like to disable it for some reason, you'll be able to do this through the ModSecurity area of Hepsia with just a mouse click. You could also activate a passive mode, so the firewall will discover potential attacks and maintain a log, but will not take any action. You could view comprehensive logs in the exact same section, including the IP address where the attack originated from, exactly what the attacker attempted to do and at what time, what ModSecurity did, etc. For max security of our customers we use a group of commercial firewall rules combined with custom ones that are provided by our system admins.

ModSecurity in Dedicated Servers

ModSecurity is included with all dedicated servers that are integrated with our Hepsia Control Panel and you'll not have to do anything specific on your end to use it as it is turned on by default each time you add a new domain or subdomain on your server. If it interferes with any of your applications, you shall be able to stop it via the respective section of Hepsia, or you can leave it working in passive mode, so it shall detect attacks and shall still keep a log for them, but shall not prevent them. You can examine the logs later to learn what you can do to improve the protection of your sites since you shall find information such as where an intrusion attempt originated from, what site was attacked and in accordance with what rule ModSecurity responded, and so forth. The rules we employ are commercial, thus they're frequently updated by a security provider, but to be on the safe side, our admins also include custom rules occasionally as to deal with any new threats they have discovered.