Mod Security does offer some form of protection

While not perfect, Mod Security does offer some form of protection that as they say, is better than nothing. While there will certainly be a small level of performance hit, in the four odd weeks that I’ve been using it, I have not really noticed any significant performance degradation.

On a side note with regards to the audit_log file, do note that setting the SecAuditEngine to On instead of RelevantOnly can result in a very HUGE log clogging up your system especially for high traffic sites. With the parser in place, I had over a million records in the database in less than 2 weeks (and we all know MySQL really starts to drag at this point without some serious SQL optimization). You have been warned.

Related posts

• XSS attacks are steadily mounting in Ajax frameworks (0)
• Why to Use mod_security? (0)
• Transformation functions - Modsecurity (0)
• The filter inheritance scheme in ModSecurity (0)
• Specifying filters in modsecurity (0)