Detect and Prevent Web Application Intrusions
Protect your web server and dynamic content from intrusions.
Detecting intrusions that
utilize common protocols and services is a job that a network
intrusion detection system is well suited for. However, due to the
complexity of web applications and the variety of attacks they can be
vulnerable to, it is more difficult to detect and prevent intrusions
without generating many false positives. This is especially true for
web applications that use SSL, since this requires you to jump
through hoops to enable the NIDS to actually get access to the
unencrypted traffic coming to and from the web server. One way to get
around these issues is to integrate the intrusion detection system
into the web server itself. This is just what
(http://www.modsecurity.org) does for the
popular Apache (http://www.apache.org) web server.
mod_security, as the name suggests, is a module
for the Apache web server that is meant to increase the security of a
web server by providing facilities for filtering requests and
performing arbitrary actions based on user-specified rules. In
mod_security will also perform various
sanity checks that normalize the requests that the web server
receives. With the proper filtering rules,
can be effective at defeating directory traversal,
cross-site scripting, SQL injection, and buffer overflow attacks.
mod_security, download and unpack the source distribution. If you wish to install ...