ModSecurity

: Hosting Definitions; AAAA Records; Access Log Manager; Additional RAM; Administration Services; Advanced Tools; Email Aliases; Antivirus Protection; APC; Free Web Applications; Auto-reply Emails; Browsable Daily Backups; Catch-all Emails; CentOS; Live Chat Support; ClientExec Billing And Support Software; Genuine Cloud Architecture; CNAME Records; Hosting Control Panel; Hardware; CPanel Control Panel; CPU Share; Cron Jobs; Custom Error Pages; MX And A Records; Daily Data Back-up; Data Centers; Data Compression; Debian; Dedicated IP; Server Network Hardware; DirectAdmin Control Panel; Disk Space; Domain Backorders; DomainKeys Identified Mail; Domain Manager; Parked Domain Names; Domain Registration Transfer; Dreamweaver Compatibility; Dropbox Backups; Email Forwarding; Email Manager; Enom Domain Name Reseller Account; EPP Transfer Protection; Error Log Viewer; Extensive Online Documentation; Extra Dedicated IPs; File Manager; FTP Accounts; FTP Manager; Full DNS Management; WHOIS Management; Guaranteed RAM; Hepsia Control Panel; Hosted Domains; Hotlinking Protection; Htaccess Generator; ID Protect; Imagemagick And GD Library; InnoDB; Installation And Troubleshooting; Instant Account Activation; Integrated Ticketing System; IonCube; IP Blocking; JailHost; Email Accounts; Mailing Lists; Mailing List Members; Managed Services Package; Marketing Tools; Money Back Guarantee; Memcached; Microsoft Frontpage Extensions; ModSecurity; Monitoring And Rebooting; MySQL And Load Stats; 2.5 Gbit Network Connectivity; Data Corruption; Node.js; No Overselling; NS Records; One-Hour Response Guarantee; Perl Modules; Password Protected Directories; Perl Scripting; PostgreSQL Databases; PgSQL Database Storage; Phone Support; PHP 4 And PHP 5 Support; PhpMyAdmin; PhpPgAdmin; Python; RAID; Registrar Lock; Server Reselling Options; SSI; Shared SSL IP; SiteMap Generator; SMTP Server; Spam Filters; SPF Protection; MySQL Databases; MySQL Database Storage; SRV Records; Data Caching; SSL Certificate Generator; Stable Linux With Apache; Subdomains; Customer Support; Bandwidth; TXT Records; Ubuntu; UPS And Diesel Back-up Generator; Hosting Service Uptime; URL Redirection; Varnish; VPN Traffic; Multiple Control Panels; Setup Fees; Multiple OS; Full Root-level Access; SSH Telnet; Web Accelerators; Online Site Builder; Web And FTP Statistics; Web Installer; Webmail; Assisted Website Migration; Website Manager; Free Site Templates; Weekly Backup; Weekly OS Update; Zend Optimizer; ZFS Mails And MySQL; Purchase

ModSecurity is an effective firewall for Apache web servers that's used to prevent attacks against web apps. It tracks the HTTP traffic to a given site in real time and stops any intrusion attempts as soon as it detects them. The firewall uses a set of rules to accomplish that - for instance, attempting to log in to a script administrator area without success several times triggers one rule, sending a request to execute a certain file which could result in gaining access to the Internet site triggers another rule, and so on. ModSecurity is one of the best firewalls available and it will secure even scripts that are not updated on a regular basis as it can prevent attackers from using known exploits and security holes. Incredibly thorough info about each and every intrusion attempt is recorded and the logs the firewall keeps are far more detailed than the regular logs provided by the Apache server, so you could later examine them and determine if you need to take extra measures in order to enhance the safety of your script-driven sites.

ModSecurity in Shared Website Hosting

ModSecurity is available on all shared website hosting servers, so when you opt to host your sites with our business, they'll be shielded from a wide range of attacks. The firewall is turned on as standard for all domains and subdomains, so there will be nothing you will need to do on your end. You'll be able to stop ModSecurity for any Internet site if required, or to switch on a detection mode, so that all activity shall be recorded, but the firewall won't take any real action. You will be able to view detailed logs via your Hepsia Control Panel including the IP address where the attack came from, what the attacker wanted to do and how ModSecurity dealt with the threat. As we take the protection of our clients' Internet sites seriously, we use a group of commercial rules that we get from one of the top companies which maintain this sort of rules. Our administrators also include custom rules to make sure that your sites shall be protected against as many risks as possible.

ModSecurity in Semi-dedicated Hosting

ModSecurity is part of our semi-dedicated hosting solutions and if you choose to host your Internet sites with us, there will not be anything special you'll need to do since the firewall is switched on by default for all domains and subdomains that you include through your hosting CP. If needed, you could disable ModSecurity for a certain site or switch on the so-called detection mode in which case the firewall will still work and record info, but shall not do anything to stop potential attacks against your sites. Comprehensive logs shall be readily available inside your CP and you shall be able to see what sort of attacks happened, what security rules were triggered and how the firewall addressed the threats, what Internet protocol addresses the attacks originated from, etc. We use two sorts of rules on our servers - commercial ones from a company which operates in the field of web security, and custom ones that our admins often add to respond to newly discovered threats promptly.

ModSecurity in VPS Hosting

Safety is extremely important to us, so we install ModSecurity on all virtual private servers that are provided with the Hepsia Control Panel as a standard. The firewall can be managed through a dedicated section in Hepsia and is turned on automatically when you add a new domain or generate a subdomain, so you will not need to do anything personally. You will also be able to disable it or activate the so-called detection mode, so it shall keep a log of potential attacks which you can later study, but won't block them. The logs in both passive and active modes include details about the type of the attack and how it was eliminated, what IP address it came from and other important information which might help you to tighten the security of your websites by updating them or blocking IPs, for example. Besides the commercial rules that we get for ModSecurity from a third-party security firm, we also employ our own rules as occasionally we identify specific attacks which are not yet present within the commercial pack. That way, we can improve the protection of your Virtual private server right away rather than waiting for an official update.

ModSecurity in Dedicated Web Hosting

ModSecurity comes with all dedicated servers which are set up with our Hepsia Control Panel and you won't need to do anything specific on your end to employ it because it's switched on by default whenever you include a new domain or subdomain on your server. In the event that it interferes with any of your programs, you shall be able to stop it through the respective section of Hepsia, or you may leave it operating in passive mode, so it will detect attacks and shall still keep a log for them, but shall not block them. You can examine the logs later to determine what you can do to increase the protection of your websites since you will find information such as where an intrusion attempt came from, what site was attacked and based upon what rule ModSecurity responded, etcetera. The rules that we use are commercial, thus they're constantly updated by a security company, but to be on the safe side, our admins also add custom rules from time to time as to respond to any new threats they have identified.