web applications security Using mod_security for Apache 2.x
Mod_security is an Apache 1.x/2.x module whose purpose is
to tighten the Web application security. Effectively, it is an
intrusion detection and prevention system for the web server.
At the moment its main
features are: * Audit log; store full request details in a
separate file, including POST
* Request filtering; incoming requests can be analysed and
offensive requests can be rejected (or simply logged, if
that is what you want). This feature can be used to prevent many
types of attacks (e.g. XSS attacks, SQL
injection) and even allow you to run insecure applications
on your servers (if you have no other choice, of course)
This package contains the module required for Apache 2.x
servers. In addition to this package the mod-security-common
package, which includes documentation and configuration
examples, will be installed.
Rename the config file to something more descriptive, like
security,and then edit it to suit your needs.
reload apache2 using /etc/init.d/apache2
This package comes with test data located in
/usr/share/mod-security/tests and can be run with a perl script
in that directory (run-test.pl). The tests simulate a series of
attacks and give a you pass/fail result.