Apache's Mod_Security

Thread: Apache's Mod_Security

  1. #1
    Senior Member
    Join Date
    Mar 2003
    Posts
    452

    Apache's Mod_Security

    I'm considering installing mod_security ( http://www.modsecurity.org/ ). I'm just wondering if anyone else here has used this. From what I understand, this Apache module will help fight off Cross Site Scripting and SQL Injection Attacks.

    If you've used it, what was the impact on your server? Performance? Did it prevent any attack you might have tested?


    Thanks in advance for your comments, advice, and posts.

    --PuRe
    Like this post? Visit PuRe's Information Technology Community. We've also got some kick ass Technology Forums. Shop for books and dvds on LiveWebShop.com

  2. #2
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    It's quite a useful piece of kit. But you have to use it with care.

    Its performance impact is negligible, and it does stop a lot of SQL injection or traversal attacks etc.

    However, the big drawback is having it blocking legitimate traffic. This is worse on forums, particularly IT-related ones, where the keywords its rules are looking for tend to get triggered accidentally.

    The default rules are quite unsuitable for general use - particularly the XSS blocking rules, which are so generic they effectively block everything.

    My advice is to disable all rules EXCEPT for ones which deal with SQL injections - particularly if that's where your problems lie.

    A lot of the stuff it ends up blocking is IIS/win32 worms - which is entirely pointless as Apache isn't vulnerable to these attacks in the first place.

    Just disable any rule which could possibly generate false positives.

    Slarty

  3. #3
    Senior Member
    Join Date
    Mar 2003
    Posts
    452
    That being said, this product sounds like more of a hassle than what it's really worth.

    Any other experiences?


    --PuRe

  4. #4
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    I wasn't trying to dissuade you from using it - just a warning. It's a configurable piece of kit, with a lot of rules available. If you turn the wrong ones on, you damage your own site.

    Slarty
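
The tuning advice in replies #2 and #4 (turn off rules that block legitimate traffic) needs a way to see which rules are doing that. The script below is an added example, not code from the thread or from the ModSecurity project: it tallies rule hits per rule id and lists the rules tripped by several distinct clients for review. The log lines are constructed and modeled on ModSecurity 2.x entries in the Apache error log, and the rule ids, addresses, URIs and function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines modeled on ModSecurity 2.x entries in the Apache
# error log (an assumption). Rule ids, addresses and URIs are made up.
SAMPLE_LOG = """\
[client 192.0.2.10] ModSecurity: Access denied with code 403. [id "100001"] [msg "SQL keyword in argument"] [uri "/forum/newreply.php"]
[client 192.0.2.11] ModSecurity: Access denied with code 403. [id "100001"] [msg "SQL keyword in argument"] [uri "/forum/newreply.php"]
[client 192.0.2.12] ModSecurity: Access denied with code 403. [id "100001"] [msg "SQL keyword in argument"] [uri "/forum/search.php"]
[client 192.0.2.11] ModSecurity: Access denied with code 403. [id "100002"] [msg "Script tag in argument"] [uri "/forum/newreply.php"]
[client 192.0.2.13] ModSecurity: Access denied with code 403. [id "100002"] [msg "Script tag in argument"] [uri "/forum/newreply.php"]
[client 198.51.100.7] ModSecurity: Access denied with code 403. [id "100003"] [msg "Path traversal"] [uri "/download.php"]
[client 198.51.100.7] ModSecurity: Access denied with code 403. [id "100003"] [msg "Path traversal"] [uri "/download.php"]
[client 198.51.100.7] ModSecurity: Access denied with code 403. [id "100003"] [msg "Path traversal"] [uri "/download.php"]
[client 192.0.2.10] File does not exist: /var/www/html/favicon.ico
"""

# Matches [client 192.0.2.10] as well as quoted fields such as [id "100001"].
FIELD = re.compile(r'\[(client|id|msg|uri) "?([^"\]]+)"?\]')

def summarize(log_text):
    """Aggregate ModSecurity hits per rule id: count, distinct clients and URIs."""
    rules = defaultdict(lambda: {"hits": 0, "clients": set(), "uris": set(), "msg": ""})
    for line in log_text.splitlines():
        if "ModSecurity:" not in line:
            continue  # ordinary Apache error, not a rule hit
        fields = dict(FIELD.findall(line))
        if "id" not in fields:
            continue  # cannot attribute the hit to a rule
        rule = rules[fields["id"]]
        rule["hits"] += 1
        rule["clients"].add(fields.get("client", "?"))
        rule["uris"].add(fields.get("uri", "?"))
        rule["msg"] = fields.get("msg", rule["msg"])
    return dict(rules)

def review_candidates(rules, min_clients=2):
    """Rule ids tripped by at least min_clients distinct clients, busiest first.
    Several unrelated users hitting one rule is a hint (this example's
    assumption, not proof) that it matches normal content."""
    picked = [(rid, r) for rid, r in rules.items() if len(r["clients"]) >= min_clients]
    return [rid for rid, _ in sorted(picked, key=lambda p: -p[1]["hits"])]

if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG)
    for rid in review_candidates(stats):
        r = stats[rid]
        print(rid, r["msg"], r["hits"], "hits,", len(r["clients"]), "clients", sorted(r["uris"]))
```

On the sample, rule 100003 has as many hits as any other but comes from a single client, so it is left off the review list; hit count alone does not separate a noisy rule from a rule doing its job.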
