SpiderLabs/ModSecurity: A Open Source Web Application Firewall (WAF) Module
Definition: ModSecurity is an Apache web application firewall (WAF) engine, which is developed by Trustwave's SpiderLabs. ModSecurity is an open source, cross-platform engine. It is also for Nginx and IIS. A free certified rule set for ModSecurity 2.x. has been provided by the Trustwave's SpiderLabs.
The features of ModSecurity are following:
- It is an open source, cross-platform engine.
- It has a robust event-based programming language which provides protection against web applications.
- It also allows for HTTP traffic monitoring, logging etc.
- In order to implement advanced protections it provides a power rules language and API.
Principles of ModSecurity:
Exactly four principles are there on which ModSecurity is based, they are:
- Quality over quantity.
Techniques used by the Core Rules:
The important techniques are following:
- HTTP Protection and Denial Of Service Protections- that detect violations of the HTTP protocol and protects against HTTP Flooding respectively.
- Automation Detection and Trojan Protection- it detects crawlers, scanners, bots etc and Trojan Protection detects access to Trojans horses.
- Real-time Blacklist Lookups - it utilizes a 3rd Party IP Reputation.
- Error Detection and Hiding - For error messages sent by the server.
- Tracking Sensitive Data - it tracks Credit Card usage and blocks leakages.
- Web-based Malware Detection - it identifies malicious web content.
What can ModSecurity do?
ModSecurity can do the following and its usage are:
- Real-time application security monitoring and access control.
- Continuous passive security assessment.
- Virtual patching.
- Full HTTP traffic logging.
- Web application hardening.
In Ubuntu/Debian you have use these commands.
$ sudo apt-get install libapache2-mod-security
$ sudo a2enmod mod-security
$ sudo /etc/init.d/apache2 force-reload
In Fedora/CentOS you have use these commands.
$ sudo yum install mod_security
$ sudo /etc/init.d/httpd restart
In Microsoft IIS (MSI Installer) install the following:
ModSecurity v2.9.1 for IIS MSI Installer - 32bits (sha256)
ModSecurity v2.9.1 for IIS MSI Installer - 64bits (sha256)
The Licence is Copyright (c) 2004-2013 Trustwave Holdings, Inc.