ModSecurity - Open Source Web Application Firewall



(Back to docs.huihoo.com)

Introduction

ModSecurity is an intrusion detection and prevention engine for Web applications (sometimes called a Web application firewall). Operating embedded or as part of an Apache reverse proxy, it increases Web application security, protecting Web applications from known and unknown attacks. It is flexible and easy to configure. It monitors HTTP traffic (including POST payloads), detects or prevents attacks, enhances logging, performs anti-evasion, and allows administrators to create custom rules to suit their specific needs. It excels in HTTP traffic monitoring and just-in-time vulnerability patching.

ModSecurity Console is a real-time monitoring and log agreggation solution for ModSecurity. It is a self-contained package (it consists of an event-collecting daemon, Web server, and database engine) written in pure Java (can be deployed on any platform that supports JRE 1.4 or better). Features include secure log centralization, alert management and notification, customizable reporting, and DNS and geographic IP resolution. It supports up to three ModSecurity sensors.

Documents

• ModSecurity Reference 2.5.7
• Web Intrusion Detection with ModSecurity (2008)
• Ajax Fingerprinting and Filtering with ModSecurity 2 (2007)
• Introducing ModSecurity (2007)
• WASC Distributed Open Proxy Honeypot Project (2007)
• IT18 Evasion: Bypassing IDS/IPS Systems (2007)
• Positive Security Model for Web Applications, Challenges and Promise (2006)
• Protecting Web Applications from Universal PDF XSS (2007)
• Virtual Patching for Web Applications with ModSecurity (2007)
• Introducing Core Rules (2006)
• ModSecurity 2 Deployment (2004)
• ModSecurity 2 Rule Language (2004)
• Securing Web Services with ModSecurity 2 (2005)
• Web Application Firewalls:When Are They Useful? (2006)
• ModSecurity Elevator Pitch (2006)
• Threat Modelling for Web Applications (2006)
• Apache Security Training (2005)
• Web Intrusion Detection with ModSecurity (2005)
• ModSecurity 2.0 Webcast: Answers To Common Questions (2006)
• ModSecurity 2.0 Webcast: Answers To Common Questions (2007)

Links

• ModSecurity Homepage
• Breach Security
• ModSecurity Download