ModSecurity

: Glossary; AAAA Records; Access Log Manager; Additional RAM; Administration Services; Advanced Tools; Email Aliases; Antivirus Protection; APC; Web Application Installer; Auto-responder Emails; Browsable Daily Backups; Catch-all Emails; CentOS; Live Chat Support; ClientExec Billing And Support Software; Genuine Cloud Architecture; CNAME Records; Control Panel; Hardware; CPanel Control Panel; CPU Share; Cron Jobs; Custom Error Pages; MX And A Records; Daily Data Back-up; Data Centers; Data Compression; Debian; Dedicated IP Address; Server Network Hardware; DirectAdmin Control Panel; Disk Space; Domain Backorders; DomainKeys Identified Mail; Domain Manager; Parked Domain Names; Domain Registration Transfer; Dreamweaver Compatibility; Dropbox Backups; Email Forwarding; Email Manager; Enom Domain Name Reseller Account; EPP Transfer Protection; Error Log Viewer; Extensive Online Documentation; Extra Dedicated IPs; File Manager; FTP Accounts; FTP Manager; Full DNS Management; WHOIS Management; Guaranteed RAM; Hepsia Control Panel; Domains Hosted; Hotlinking Protection; Htaccess Generator; WHOIS Guard; Imagemagick And GD Library; InnoDB; Installation And Troubleshooting; Instant Account Activation; Integrated Ticketing System; IonCube; IP Blocking; JailHost; Email Accounts; Mailing Lists; Mailing List Members; Managed Services Package; Marketing Tools; Money Back Guarantee; Memcached; Microsoft FPE; ModSecurity; Monitoring And Rebooting; MySQL And Load Stats; 2.5 Gbit Network Connectivity; Data Corruption; Node.js; No Overselling; NS Records; One-Hour Response Guarantee; Perl Modules; Password Protected Directories; Perl; PgSQL Databases; PgSQL Database Storage; Phone Support; PHP 4 And PHP 5 Support; PhpMyAdmin; PhpPgAdmin; Python; RAID; Registrar Lock; Server Reselling Options; SSI; Shared SSL IP; SiteMap Generator; SMTP Server; Spam Filters; SPF Protection; MySQL Databases; MySQL Database Storage; SRV Records; Data Caching; SSL Certificate Generator; Stable Linux With Apache; Subdomains; Help Desk; Data Traffic; TXT Records; Ubuntu; UPS And Diesel Back-up Generator; Service Uptime; URL Redirection; Varnish; VPN Traffic; Multiple Control Panels; Set-up Fees; Multiple OS; Full Root-level Access; SSH Telnet; Web Accelerators; Online Website Builder; Web And FTP Statistics; Web Installer; Webmail; Assisted Website Migration; Website Manager; Free Site Themes; Weekly Backup; Weekly OS Update; Zend Optimizer; ZFS Mails And MySQL; Order Now

ModSecurity is a powerful firewall for Apache web servers which is used to prevent attacks against web applications. It tracks the HTTP traffic to a specific site in real time and blocks any intrusion attempts the moment it identifies them. The firewall relies on a set of rules to do this - for instance, trying to log in to a script administration area unsuccessfully a few times sets off one rule, sending a request to execute a particular file which may result in getting access to the site triggers a different rule, and so forth. ModSecurity is amongst the best firewalls on the market and it will secure even scripts which aren't updated often since it can prevent attackers from using known exploits and security holes. Quite thorough data about each and every intrusion attempt is recorded and the logs the firewall maintains are far more comprehensive than the regular logs provided by the Apache server, so you may later analyze them and determine if you need to take more measures in order to boost the protection of your script-driven websites.

ModSecurity in Cloud Hosting

ModSecurity is available with each cloud hosting package which we offer and it is switched on by default for every domain or subdomain that you include through your Hepsia Control Panel. In case it disrupts any of your apps or you would like to disable it for any reason, you will be able to do that through the ModSecurity section of Hepsia with only a click. You may also enable a passive mode, so the firewall will detect potential attacks and maintain a log, but won't take any action. You can see detailed logs in the same section, including the IP where the attack originated from, exactly what the attacker attempted to do and at what time, what ModSecurity did, and so on. For max security of our customers we use a collection of commercial firewall rules mixed with custom ones which are provided by our system administrators.

ModSecurity in Semi-dedicated Servers

ModSecurity is a part of our semi-dedicated server packages and if you decide to host your sites with our company, there won't be anything special you'll have to do as the firewall is activated by default for all domains and subdomains you add through your hosting Control Panel. If needed, you'll be able to disable ModSecurity for a certain site or turn on the so-called detection mode in which case the firewall will still operate and record data, but will not do anything to prevent potential attacks on your sites. Comprehensive logs will be accessible inside your Control Panel and you'll be able to see what type of attacks took place, what security rules were triggered and how the firewall addressed the threats, what IP addresses the attacks came from, etc. We employ 2 sorts of rules on our servers - commercial ones from an organization that operates in the field of web security, and custom made ones which our admins sometimes add to respond to newly found threats in a timely manner.

ModSecurity in Dedicated Servers

All of our dedicated servers that are installed with the Hepsia hosting Control Panel feature ModSecurity, so any application which you upload or set up shall be properly secured from the very beginning and you won't need to worry about common attacks or vulnerabilities. An independent section within Hepsia will permit you to start or stop the firewall for every domain or subdomain, or activate a detection mode so that it records info about intrusions, but does not take actions to prevent them. What you'll see in the logs can easily help you to secure your websites better - the IP an attack came from, what site was attacked and in what way, what ModSecurity rule was triggered, and so forth. With this information, you can see if a site needs an update, if you ought to block IPs from accessing your web server, etc. Besides the third-party commercial security rules for ModSecurity which we use, our admins include custom ones too if they discover a new threat which is not yet a part of the commercial bundle.