
mod_security

As Web applications grow more complex, they also become more and more vulnerable. As with other areas of network security, it’s best to have multiple levels of protection in place. Ideally, you’d have security controls in place on your router and firewall, as well as in your application and database servers.

While networks and databases are easy to secure, application servers — for example, Apache and PHP or mod_perl — tend to be more difficult to secure, leaving them prone to attacks.

One of the most common targets is Open Source software like PHPNuke. With access to source code, would-be attackers can easily scan and exploit common coding mistakes (such as poorly implemented input validation). The two most popular security exploits are cross-site scripting and SQL injection.

To be sure, there’s lots to be paranoid about. Luckily, adding the Apache module mod_security to your defenses may let you sleep a little better at night. mod_security provides generic scanning facilities that examine user input (primarily URL parameters and form submissions), looking for suspicious patterns. The module filters, and optionally rejects, incoming requests based on a number of different criteria like CGI variables, HTTP headers, environment variables, and even individual script parameters. mod_security can also create an audit log, storing full request details in a separate file, including POST payloads (the audit feature can be turned on or off on a per-server or per-directory basis). Using mod_security isn’t a silver bullet, but it does offer a fair…
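The configuration below is an added example, not taken from the article: it shows the filtering criteria and the audit log described above as they could be expressed in ModSecurity 2.x rule syntax (2.8 or later is assumed for the `@detectSQLi` and `@detectXSS` operators). The log path, the rule IDs and the `/app/item.php` and `/static` locations are constructed for illustration.

```apache
# Added example: ModSecurity 2.x syntax. Paths, rule IDs and locations are constructed.
<IfModule security2_module>
    # On = filter and reject; DetectionOnly = evaluate and log without rejecting.
    SecRuleEngine On
    # Buffer request bodies so POST payloads can be inspected and audited.
    SecRequestBodyAccess On

    # Audit log: full request details in a separate file.
    SecAuditEngine RelevantOnly
    SecAuditLogRelevantStatus "^(?:5|4(?!04))"
    SecAuditLogType Serial
    SecAuditLog /var/log/apache2/modsec_audit.log
    # A = audit header, B = request headers, C = request body (POST payload),
    # F = response headers, H = audit trailer, Z = end marker
    SecAuditLogParts ABCFHZ

    # HTTP header criterion: reject requests that carry no Host header.
    SecRule &REQUEST_HEADERS:Host "@eq 0" \
        "id:1000001,phase:1,t:none,deny,status:400,log,msg:'Missing Host header'"

    # URL parameters and form submissions: SQL injection and cross-site scripting.
    SecRule ARGS "@detectSQLi" \
        "id:1000002,phase:2,t:none,deny,status:403,log,auditlog,msg:'SQL injection pattern in parameter'"
    SecRule ARGS "@detectXSS" \
        "id:1000003,phase:2,t:none,deny,status:403,log,auditlog,msg:'XSS pattern in parameter'"

    # Individual script parameter: "id" must be a short decimal number for this script.
    <Location "/app/item.php">
        SecRule ARGS:id "!@rx ^[0-9]{1,10}$" \
            "id:1000004,phase:2,t:none,deny,status:403,log,auditlog,msg:'Non-numeric id parameter'"
    </Location>

    # Per-directory control: no audit logging for static content.
    <Location "/static">
        SecAuditEngine Off
    </Location>
</IfModule>
```

Starting with `SecRuleEngine DetectionOnly` and reviewing the audit log before switching to `On` shows which legitimate requests the rules would reject.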
