Thursday 3 March 2016

SpiderLabs/ModSecurity: An Open Source Web Application Firewall (WAF) Module

Definition: ModSecurity is a web application firewall (WAF) engine for Apache, developed by Trustwave's SpiderLabs. It is an open source, cross-platform engine and is also available for Nginx and IIS. Trustwave's SpiderLabs also provides a free certified rule set for ModSecurity 2.x.


The features of ModSecurity are as follows:

  • It is an open source, cross-platform engine. 
  • It has a robust event-based programming language which provides protection against attacks on web applications.
  • It also allows for HTTP traffic monitoring, logging, etc.
  • It provides a powerful rules language and API for implementing advanced protections.

Principles of ModSecurity:

ModSecurity is based on exactly four principles:

  • Flexibility.
  • Passiveness.
  • Quality over quantity.
  • Predictability.

Techniques used by the Core Rules:

The important techniques are as follows:

  • HTTP Protection and Denial of Service Protection - these detect violations of the HTTP protocol and protect against HTTP flooding, respectively.
  • Automation Detection and Trojan Protection - Automation Detection detects crawlers, scanners, bots, etc., and Trojan Protection detects access to Trojan horses.
  • Real-time Blacklist Lookups - utilizes 3rd-party IP reputation.
  • Error Detection and Hiding - detects and hides error messages sent by the server.
  • Tracking Sensitive Data - tracks credit card usage and blocks leakages.
  • Web-based Malware Detection - identifies malicious web content.

What can ModSecurity do?

ModSecurity can be used for the following:

  • Real-time application security monitoring and access control.
  • Continuous passive security assessment.
  • Virtual patching.
  • Full HTTP traffic logging.
  • Web application hardening.
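
The following ModSecurity 2.x configuration shows how three of the uses listed above (continuous passive assessment, HTTP traffic logging and virtual patching) look in the rules language. It is an added example, not configuration from the original post or from the ModSecurity project; the path /app/item.php, the "id" parameter, the rule ids 100001-100002 and the audit log location are assumptions.

```apache
# Added example. Assumed values: /app/item.php, parameter "id",
# rule ids 100001-100002, audit log path.

# Passive mode: rules are evaluated and matches are logged, but disruptive
# actions such as "deny" are not applied. Change to "On" to enforce once the
# logs show no false positives.
SecRuleEngine DetectionOnly

# Let rules see POST parameters as well as query-string parameters.
SecRequestBodyAccess On

# Traffic logging: record transactions that matched a rule or ended in a
# 5xx / 4xx (other than 404) response.
SecAuditEngine RelevantOnly
SecAuditLogRelevantStatus "^(?:5|4(?!04))"
SecAuditLogParts ABIJDEFHZ
SecAuditLogType Serial
SecAuditLog /var/log/apache2/modsec_audit.log

# Virtual patch for a page whose "id" parameter is not validated by the
# application: the WAF enforces the expected input until the code is fixed.

# Rule 100001: "id" must be present exactly once (no missing or repeated
# parameter that the application and the WAF might interpret differently).
SecRule REQUEST_FILENAME "@streq /app/item.php" \
    "id:100001,phase:2,deny,status:403,log,msg:'Virtual patch: id must appear exactly once',chain"
    SecRule &ARGS:id "!@eq 1"

# Rule 100002: "id" must be 1 to 10 decimal digits and nothing else.
SecRule REQUEST_FILENAME "@streq /app/item.php" \
    "id:100002,phase:2,deny,status:403,log,msg:'Virtual patch: id must be numeric',chain"
    SecRule ARGS:id "!@rx ^[0-9]{1,10}$"
```

While SecRuleEngine is DetectionOnly, a request that violates either rule is still served, and the match appears in the audit log with the rule id and message.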

For Installation:

On Ubuntu/Debian, use these commands:
$ sudo apt-get install libapache2-mod-security2
$ sudo a2enmod security2
$ sudo /etc/init.d/apache2 force-reload

On Fedora/CentOS, use these commands:
$ sudo yum install mod_security
$ sudo /etc/init.d/httpd restart

For Microsoft IIS, install one of the following MSI installers:
ModSecurity v2.9.1 for IIS MSI Installer - 32bits (sha256)
ModSecurity v2.9.1 for IIS MSI Installer - 64bits (sha256)


The Licence is Copyright (c) 2004-2013 Trustwave Holdings, Inc. 

