mod_security

Written by xqube
Wednesday, 25 March 2009 15:16
What is mod_security? This article introduces mod_security with an example.

mod_security is a rare type of software: it is an application firewall, a web application firewall to be precise. Essentially it analyses the traffic received by the web server before the web server actually acts on it. One example of mod_security in action is foiling cross-site scripting (XSS) attacks. An implemented example is given below; you will see that mod_security checks the incoming input and sets a predetermined error message if the XSS attack pattern is observed.

In the above example we have turned on logging for GET and POST requests, as that is where the attacks are performed. Then we define filters which specify what patterns to look for in GET and POST requests. If a GET/POST request contains any one of these patterns, a 500 server error is returned before the input reaches the backend script being run by Apache. The first line, 'SecAuditEngine On', turns on security auditing, which performs the auditing operation. The SecFilterScanPOST line turns on scanning of POST request bodies. We then set SecFilterEngine On, which turns on the filtering process. We set the default response for when a filter trips. Finally we set the SecFilter directives, telling mod_security what to look for.

Please do keep in mind that security and service are to some extent mutually exclusive. If the above filter is applied using mod_security, clients will be unable to use "<", ">", "'" and '"' in their input even when that input is valid. In that case some front-end technology (JavaScript) can be used to convert their input into the corresponding HTML entities (&lt;, &gt; etc.), which the filter accepts.
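The directives walked through above, assembled into an Apache configuration fragment in mod_security 1.x syntax. This is an added example written for this article, not the author's own listing; the audit log path, the <IfModule> wrapper and the commented SecFilterSelective alternative are assumptions.

```apache
# Added example: mod_security 1.x directives for Apache. Place in the server
# config or inside a <VirtualHost>/<Location> block. Not the article's own listing.
<IfModule mod_security.c>
    # Turn on the filtering engine and also inspect POST bodies,
    # not just the GET query string.
    SecFilterEngine On
    SecFilterScanPOST On

    # Audit logging: record the requests that trip a filter (log path is an assumption).
    SecAuditEngine On
    SecAuditLog logs/audit_log

    # What happens when any filter matches: reject the request, log it,
    # and answer with a 500 server error before the backend script runs.
    SecFilterDefaultAction "deny,log,status:500"

    # Broad filters, as described in the article: any angle bracket or quote in
    # GET/POST input is rejected. This catches common XSS payloads but also blocks
    # legitimate input that contains these characters (the service trade-off).
    SecFilter "<"
    SecFilter ">"
    SecFilter "'"
    SecFilter '"'

    # Narrower alternative (assumption, not from the article): only reject a
    # script tag inside request arguments, which trips far fewer valid requests.
    # SecFilterSelective ARGS "<[[:space:]]*script"
</IfModule>
```

Inputs that the front end has already converted to &lt; and &gt; pass these filters, since the literal bracket characters never reach the server.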
Last Updated on Thursday, 26 March 2009 05:22