SpiderLabs/ModSecurity: A Open Source Web Application Firewall (WAF) Module

Features:

The features of ModSecurity are following:

It is an open source, cross-platform engine.
It has a robust event-based programming language which provides protection against web applications.
It also allows for HTTP traffic monitoring, logging etc.
In order to implement advanced protections it provides a power rules language and API.

Principles of ModSecurity:

Exactly four principles are there on which ModSecurity is based, they are:

Techniques used by the Core Rules:

The important techniques are following:

HTTP Protection and Denial Of Service Protections- that detect violations of the HTTP protocol and protects against HTTP Flooding respectively.
Automation Detection and Trojan Protection- it detects crawlers, scanners, bots etc and Trojan Protection detects access to Trojans horses.
Real-time Blacklist Lookups - it utilizes a 3rd Party IP Reputation.
Error Detection and Hiding - For error messages sent by the server.
Tracking Sensitive Data - it tracks Credit Card usage and blocks leakages.
Web-based Malware Detection - it identifies malicious web content.

What can ModSecurity do?

ModSecurity can do the following and its usage are:

For Installation:

In Ubuntu/Debian you have use these commands.

$ sudo apt-get install libapache2-mod-security

$ sudo a2enmod mod-security

$ sudo /etc/init.d/apache2 force-reload

In Fedora/CentOS you have use these commands.

$ sudo yum install mod_security

$ sudo /etc/init.d/httpd restart

In Microsoft IIS (MSI Installer) install the following:

ModSecurity v2.9.1 for IIS MSI Installer - 32bits (sha256)

ModSecurity v2.9.1 for IIS MSI Installer - 64bits (sha256)

Licence:

Download