Book Image

ModSecurity 2.5

Book Image

ModSecurity 2.5

Overview of this book

With more than 67% of web servers running Apache and web-based attacks becoming more and more prevalent, web security has become a critical area for web site managers. Most existing tools work on the TCP/IP level, failing to use the specifics of the HTTP protocol in their operation. Mod_security is a module running on Apache, which will help you overcome the security threats prevalent in the online world. A complete guide to using ModSecurity, this book will show you how to secure your web application and server, and does so by using real-world examples of attacks currently in use. It will help you learn about SQL injection, cross-site scripting attacks, cross-site request forgeries, null byte attacks, and many more so that you know how attackers operate. Using clear, step-by-step instructions this book starts by teaching you how to install and set up ModSecurity, before diving into the rule language with examples. It assumes no prior knowledge of ModSecurity, so as long as you are familiar with basic Linux administration, you can start to learn right away. Real-life case studies are used to illustrate the dangers on the Web today ñ you will for example learn how the recent worm that hit Twitter works, and how you could have used ModSecurity to stop it in its tracks. The mechanisms behind these and other attacks are described in detail, and you will learn everything you need to know to make sure your server and web application remain unscathed on the increasingly dangerous web. Have you ever wondered how attackers figure out the exact web server version running on a system? They use a technique called HTTP fingerprinting, and you will learn about this in depth and how to defend against it by flying your web server under a "false flag". The last part of the book shows you how to really lock down a web application by implementing a positive security model that only allows through requests that conform to a specific, pre-approved model, and denying anything that is even the slightest bit out of line.
Table of Contents (17 chapters)
ModSecurity 2.5
Credits
About the Author
About the Reviewers
Preface
Directives and Variables
Index

Installation


Remo can be downloaded from the developer's site at http://remo.netnea.com. The application is written in the web application framework Ruby on Rails (RoR), and hence requires that Ruby is first installed before you can begin using it. Ruby is the programming language used to create Remo, and the actual web application framework—the "on Rails" bit—is also required. Fortunately, this is distributed together with Remo, so as long as you have Ruby installed and working you should be all set to start using Remo. Let's take a look now at how to install Remo.

The latest packaged release of Remo is version 0.2.0 beta, which is what we'll be downloading:

$ wget http://www.netnea.com/files/remo-0.2.0.tar.gz
Resolving www.netnea.com... 213.200.225.210
Connecting to www.netnea.com|213.200.225.210|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1698245 (1.6M) [application/x-gzip]
Saving to: `remo-0.2.0.tar.gz'
...
2009-05-26 11:33:34 (135 KB/s) - `remo-0.2.0.tar...