Detect and Prevent Web Application Intrusions

Protect your web server and dynamic content from intrusions.

Detecting intrusions that utilize common protocols and services is a job that a network intrusion detection system is well suited for. However, due to the complexity of web applications and the variety of attacks they can be vulnerable to, it is more difficult to detect and prevent intrusions without generating many false positives. This is especially true for web applications that use SSL, since this requires you to jump through hoops to enable the NIDS to actually get access to the unencrypted traffic coming to and from the web server. One way to get around these issues is to integrate the intrusion detection system into the web server itself. This is just what mod_security ( does for the popular Apache ( web server.

mod_security, as the name suggests, is a module for the Apache web server that is meant to increase the security of a web server by providing facilities for filtering requests and performing arbitrary actions based on user-specified rules. In addition, mod_security will also perform various sanity checks that normalize the requests that the web server receives. With the proper filtering rules, mod_security can be effective at defeating directory traversal, cross-site scripting, SQL injection, and buffer overflow attacks.

To install mod_security, download and unpack the source distribution. If you wish to install ...

Get Network Security Hacks now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.