Better protection with Apache’s ModSecurity module


Article from Issue 69/2006

The Apache ModSecurity module provides extra protection for your web server. We'll show you why this optional application firewall is quickly becoming a favorite of webmasters and security experts.

Most commercial web servers are devoted to the purpose of serving up dynamic, script-generated content in a reliable way. The very nature of the Internet means that unknown visitors from anywhere in the world may pay a visit to the site. Unfortunately, this all-important interaction between visitors and the web application opens up an attack vector. A skillful attacker could use a vulnerability to gain unauthorized access to the web server, and, once inside, the intruder could employ additional tools and tricks to do things that developers or webmasters never intended. The potential for damage is enormous, ranging from exposed contents of confidential files to a complete root compromise. Cleanly programmed web applications provide one meaningful approach to preventing this kind of abuse, but the path is fraught with difficulty. Even the most experienced programmers are caught out from time to time, as vulnerabilities in established web applications just go to show.

Related content

  • Security Lessons

    Learn more about protecting your website with NoScript, ModSecurity, and Site Security Policy.

  • Web Attacks Using HTTP Parameter Pollution

    At the OWASP AppSec Poland 2009 web security conference two Italian security experts presented a new kind of web application attack threat. The presentation slides for the method called HTTP Parameter Pollution (HPP) are now available online.

  • Stopping Drive-By Attacks

    You won't find a perfect solution to the growing problem of drive-by attacks, but many tools are available to help you keep malicious code off your network.

  • OWASP Releases Web-Security Videos

    The Open Web Application Security Project (OWASP) has placed videos of its latest conference online. The open-source project concerns itself with web application security.

  • DDoS Defense

    To ward off DDoS attacks, websites and services often seek the protection of Internet giants, such as Amazon, but you have other ways to protect your connectivity.
