ModSecurity

: Glossary; AAAA Records; Access Log Manager; Additional RAM; Administration Services; Advanced Tools; Email Aliases; Antivirus Protection; APC; 1-Click Applications Installer; Auto-responder Emails; Browsable Daily Backups; Catch-all Emails; CentOS; Live Chat Support; ClientExec Billing And Support Software; Genuine Cloud Architecture; CNAME Records; Hosting Control Panel; Hardware; CPanel Control Panel; CPU Share; Cron Jobs; Custom Error Pages; MX And A Records; Daily Data Back-up; Data Centers; Data Compression; Debian; Dedicated IP Address; Server Network Hardware; DirectAdmin Control Panel; Disk Space; Domain Backorders; DomainKeys Identified Mail; Domain Manager; Parked Domains; Domain Registration Transfer; Dreamweaver Compatible; Dropbox Backups; Email Forwarding; Email Manager; Enom Domain Name Reseller Account; EPP Transfer Protection; Error Log Viewer; Extensive Online Documentation; Extra Dedicated IPs; File Manager; FTP Accounts; FTP Manager; Full DNS Management; Full WHOIS Management; Guaranteed RAM; Hepsia Control Panel; Hosted Domains; Hotlink Protection; Htaccess Generator; WHOIS Privacy Protection; Imagemagick And GD Library; InnoDB; Installation And Troubleshooting; Instant Account Activation; Integrated Ticketing System; IonCube; IP Blocking; JailHost; Email Accounts; Mailing Lists; Mailing List Members; Managed Services Package; Marketing Tools; Money Back Guarantee; Memcached; Microsoft Frontpage Extensions; ModSecurity; Monitoring And Rebooting; MySQL And Load Stats; 2.5 Gbit Network Connectivity; Data Corruption; Node.js; No Overselling; NS Records; One-Hour Response Guarantee; Perl Modules; Password Protected Directories; Perl; PostgreSQL Databases; PgSQL Database Storage; Phone Support; PHP 4 PHP 5 And PHP 7 Support; PhpMyAdmin; PhpPgAdmin; Python; RAID; Registrar Lock; Server Reselling Options; SSI; Shared SSL IP; SiteMap Generator; SMTP Server; Spam Filters; SPF Protection; MySQL Databases; MySQL Database Storage; SRV Records; Data Caching; SSL Certificate Generator; Stable Linux With Apache; Subdomains; Support; Monthly Traffic; TXT Records; Ubuntu; UPS And Diesel Back-up Generator; Hosting Service Uptime; URL Redirector; Varnish; VPN Traffic; Multiple Control Panels; Set-up Fees; Multiple OS; Full Root-level Access; SSH Telnet; Web Accelerators; Online Website Builder; Web And FTP Statistics; Web Installer; Webmail; Assisted Website Migration; Website Manager; Free Website Templates; Weekly Backup; Weekly OS Update; Zend Optimizer; ZFS Mails And MySQL; Buy Now

ModSecurity is a powerful firewall for Apache web servers that is employed to prevent attacks against web apps. It tracks the HTTP traffic to a given site in real time and blocks any intrusion attempts as soon as it detects them. The firewall uses a set of rules to do that - as an example, trying to log in to a script admin area unsuccessfully a few times sets off one rule, sending a request to execute a particular file which may result in accessing the Internet site triggers a different rule, etc. ModSecurity is among the best firewalls around and it will protect even scripts that aren't updated regularly since it can prevent attackers from employing known exploits and security holes. Quite thorough data about each and every intrusion attempt is recorded and the logs the firewall maintains are much more detailed than the regular logs provided by the Apache server, so you may later analyze them and decide if you need to take extra measures in order to improve the safety of your script-driven websites.

ModSecurity in Shared Hosting

ModSecurity is available on all shared hosting servers, so if you opt to host your sites with our firm, they shall be resistant to a wide array of attacks. The firewall is enabled by default for all domains and subdomains, so there will be nothing you shall have to do on your end. You shall be able to stop ModSecurity for any website if needed, or to enable a detection mode, so that all activity will be recorded, but the firewall will not take any real action. You will be able to view specific logs via your Hepsia Control Panel including the IP where the attack came from, what the attacker wanted to do and how ModSecurity addressed the threat. Since we take the security of our clients' websites very seriously, we use a set of commercial rules which we take from one of the top companies that maintain this sort of rules. Our administrators also include custom rules to make sure that your sites shall be protected against as many threats as possible.

ModSecurity in VPS Hosting

All virtual private servers that are offered with the Hepsia Control Panel feature ModSecurity. The firewall is set up and activated by default for all domains which are hosted on the web server, so there will not be anything special that you'll have to do to protect your websites. It shall take you a click to stop ModSecurity if necessary or to turn on its passive mode so that it records what happens without taking any actions to stop intrusions. You will be able to see the logs produced in passive or active mode through the corresponding section of Hepsia and find out more about the form of the attack, where it originated from, what rule the firewall employed to deal with it, etcetera. We use a mixture of commercial and custom rules so as to make certain that ModSecurity will stop as many risks as possible, therefore boosting the protection of your web apps as much as possible.

ModSecurity in Dedicated Web Hosting

ModSecurity comes with all dedicated servers that are set up with our Hepsia CP and you won't need to do anything specific on your end to employ it since it is switched on by default whenever you include a new domain or subdomain on your hosting server. In case it disrupts some of your apps, you'll be able to stop it through the respective area of Hepsia, or you could leave it in passive mode, so it'll recognize attacks and shall still keep a log for them, but won't stop them. You may look at the logs later to find out what you can do to boost the security of your Internet sites since you'll find details such as where an intrusion attempt originated from, what Internet site was attacked and in accordance with what rule ModSecurity responded, etcetera. The rules which we use are commercial, therefore they're constantly updated by a security provider, but to be on the safe side, our staff also include custom rules once in a while in order to deal with any new threats they have found.