July 22, 2007

give mod_security a try

Filed under: apache,mod_security,webapplications — admin @ 6:08 pm

We recently installed and activated Mod Security on our PHP and Perl Hosts. It seems to be a resonable tool to have attackers as well spammers (and this seems to be the most interesting part) away from your webapplication. However it needs a certain configuration and continous monitoring and might break your web application as there might be valid requests which will match agains the regular expressions of the tools.

So it might be good to start with it on only certain vhosts and the customizing the rule sets. You can as well define the rules for each vhosts, as well maybe adding specific rules.

Note to hosted sites: it might be that your site now breaks. 🙁 We could not test everything however we tried to monitor the servers a bit and figure out problems.

For installation notes, as well further infos, have a look on our wiki-page. Would be nice if other people contribute some infos: http://www.immerda.ch/index.php/Mod_Security

Proudly powered by wordpress 4.9.8 - Theme by neuro