December 2012
Intermediate to advanced
552 pages
13h 16m
English
Content preview from Web Application Defender's CookbookBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
Recipe 13-4: Data Sharing with Request Header Tagging
This recipe shows you how to share security event information with other security systems by adding request header data.
Ingredients
- OWASP ModSecurity Core Rule Set (CRS)
- modsecurity_crs_49_header_tagging.conf
- Apache
- mod_headers header
- ModSecurity
- TX:ANOMALY_SCORE variable
- REQUEST_BODY variable
- @eq operator
- setvar action
- setenv action
A common security architecture is to deploy a web application firewall within a demilitarized zone (DMZ) network segment to act as a reverse proxy for protected web applications. With this setup, the WAF can inspect requests and decide whether to allow the transaction to continue and proxy it onto the downstream web application it is protecting. This setup works well for obvious attack traffic, but there may be some situations in which the WAF identifies some lower-level security issues. However, they are not at a level that would cause the traffic to be blocked. In these situations, intelligence is lost when the WAF sends the request to the destination web application. Wouldn’t it be great if your WAF could share its data with the application it is protecting? This concept is called request header tagging.
This concept is similar in theory to antispam SMTP applications that add additional MIME headers to e-mails, providing the spam detection analysis information. If your e-mail server uses this type of spam filtering, you may be able to view the source of your e-mail message and ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.