Category: ModSecurity

The new version of apache 2.5.9 have facility of disabling the modsecurity web applicationfirewall. The new version is available on internet. This will help in avoiding crashing the firewall while processing http packets.

It also fixes a potential Dos vulnerability in …

The filter inheritance scheme in ModSecurity follows the rules outlined below.

By default, all filters, together with their per-rule action lists, are inherited by child contexts.
The default action list is also inherited by child contexts.
Action lists, defined in the SecFilterSignatureAction directive …

Modsecurity supports writing filters in the ways outlined below. For further information refer to the documentation.

Simple Input Filter Syntax:

SecFilter KEYWORD [ACTIONS]
SecFilter !KEYWORD [ACTIONS]

Advanced Input Filter Syntax:
SecFilterSelective LOCATION KEYWORD [ACTIONS]
SecFilterSelective LOCATION !KEYWORD [ACTIONS]
Advanced output Filter Syntax:
SecFilterSelective OUTPUT KEYWORD [ACTIONS]
SecFilterSelective …

It is possible to use Apache’s custom logging feature in order to log requests, which matched a ModSecurity filter, on a per-virtualhost basis. The key for this to work is the fact that ModSecurity defines the environment variable mod_security-relevant whenever …

ModSecurity installation consists of the following steps:

ModSecurity 2.x works with Apache 2.0.x or better.
Make sure you have mod_unique_id installed.
(Optional) Install the latest version of libxml2, if it isn’t already …

need basically 2 things:

The source for mod_security
A basic set of rules, which will be packaged in the RPM

Once you have these files, you’ll just need to unpack the tarball:

[gallegosja@gallegosja …

When ModSecurity receives request or response information, it makes a copy of this data and places it into memory. It is on this data in memory that transformation functions are applied. The raw request/response data is never altered. Transformation functions

…

ModSecurity installation consists of the following steps:

ModSecurity 2.x works with Apache 2.0.x or better.

…

Ajax security is a major issue for next generation Web applications. The techniques discussed in
this article can give a head start to security professionals to improve the security posture of Web
applications. Web 2.0 applications try to integrate various sources, including …

ModSecurity can also act immediately to prevent attacks from reaching your web applications. There are three commonly used approaches:

Negative security model. Negative security model monitors requests for anomalies, unusual behaviour, and common web application attacks. It keeps anomaly

…

While not perfect, Mod Security does offer some form of protection that as they say, is better than nothing. While there will certainly be a small level of performance hit, in the four odd weeks that I’ve been using it,

…

Whenever a filter catches a request, then an action, or better, a list of actions is performed. The general syntax for action lists is (no spaces are allowed between actions):

“primary_action,secondary_actions,flow_action or parameter:value action”

For example:

SecFilterDefaultAction “deny,log,status:406″

Action lists can be

…