Questions tagged [mod-security]

ModSecurity is a web application firewall for Apache, IIS and Nginx. It provides logging, monitoring and filtering features.

ModSecurity is a web application firewall by Trustwave SpiderLabs. The project provides a module for several web servers (Apache, IIS, Nginx, and a Java servlet filter) with logging, monitoring and filtering features. The module implements a policy described as a set of rules. SpiderLabs provides an official, free set of rules (the Core Rule Set) and sells more. The related tool ModProfiler analyzes logs and can be used to produce rules.

83 questions
11
votes
1 answer

Relative importance of CHROOT for web servers

I have read extremely mixed opinions on the process of chrooting for a web server (non-shared environment). Some people swear by it, yet others say that it isn't as secure as everyone says. Given that chrooting can be difficult and time consuming to…
freb
7
votes
4 answers

Does default ModSecurity protect enough against XSS?

It's been a few years since I mucked around with modsecurity... Will simply installing the package with the default rules provide enough validation to prevent any (okay, let's be honest - best we can hope for is "most") type of XSS? My assumption…
AviD
7
votes
2 answers

Any Alternative to Ngrok for constant Connection?

I'm trying to build a RAT to test on my computer. I use ngrok for hacking on WAN. But ngrok has a problem of changing its subdomain once the connection is reset. So, I can't use ngrok for hacking over WAN. I tried using ngrok sub-domain, but now it has…
Adithyan AK
7
votes
5 answers

Master thesis topic - mod_security

I've been playing with mod_security for some time and I'd like somehow to use it in my master thesis. I don't know exactly how this work could be more interesting than describing what mod_security does, what kind of web attacks can be prevented…
cradox23
6
votes
1 answer

Why these 2 regexp won't work as expected in ModSecurity?

PROBLEMRULE #1; SecRule REQUEST_URI "^/(|(.*)/)(lpt1|lpt2|lpt3|lpt4)(/|\.|\?|$)" "t:none,t:htmlEntityDecode,t:lowercase,t:removeWhitespace,block,msg:'X',id:'1000'" PROBLEMRULE #2; SecRule REQUEST_URI "^(.*)//(.*)$"…
Krey
5
votes
1 answer

Is it worth using ModSecurity on a single entry point websocket connection?

I'm trying to evaluate the benefits of using ModSecurity in our system. From what I have read till now, I have a feeling it is not very useful for us. In our web app, there is a single entry point, which is an encrypted websocket connection. That design might…
user902383
4
votes
4 answers

Generic defense against SQL injection

This is a little bit of a rant, but there's a real question at the end. I recently installed a new Perl script on a site (which will remain nameless) which failed mysteriously with an error 403. Eventually I found a clue in this error in the Apache…
ddyer
4
votes
1 answer

Securing a simple webservice against brute-force with mod-security

I want to provide basic defense against brute-force attacks against a simple HTTPS web service. The web service provides a login method (let's say at http://example.org/login) which gets passed a username and password as HTTP GET parameters or as…
Jakob
4
votes
2 answers

How to improve VPS security?

I’m using Linux based VPS hosting, and a firewall and mod_sec help to keep most hackers out. However, over the last couple of weeks I noticed several entries in mod_sec showing that an unknown domain was attacked. Does this mean that the VPS is…
Evelyn
3
votes
3 answers

How to whitelist IP address mod_security CentOS 6

Is it possible to white list an IP address in mod_security? I found white list whole domain name in mod_security. But I want to white list only the administrator IP. OS: CentOS 6 Server: Apache httpd 2.15 Mod Security: Version 2.7
Kasun
3
votes
1 answer

Mod_security for Apache2 blocks cURL!

I'm trying to get my users' lat. and lng. from their address using Google's geocoding API but when mod_security is enabled, it prevents it and the script times out. How can I add an exception by IP or domain for this or just remove whatever…
Neo
3
votes
1 answer

How to filter https traffic in mod-security WAF?

I'm developing a WAF with a good GUI and better logs. And my base firewall is mod-security. It works well for http but I also want my WAF to work with https. Any suggestions?
3
votes
1 answer

ModSecurity - XSS not blocked when #/ (hash) is added in the url by NodeJS application

I have installed ModSecurity in an Apache server and am using it as a reverse proxy to forward requests to a NodeJS application. I have followed this tutorial to configure ModSecurity in Apache,…
cookiejar1
3
votes
1 answer

auditing mod security rule sets

Is there an audit system that can help me try my strings? Such as user agents, post/get data, a simple way to test general SQL injections to see how my rule sets hold? I know with Firefox I can change my user agent but what about trying post and get…
Thompson Smith
3
votes
3 answers

How useful is the default configuration of ModSecurity for a generic web application?

Scenario: ModSecurity with a "default" or "generic" configuration (like the one that might be provided by shared hosting providers, for example). Generic web application (custom, uncommon, or unknown), for which specific rules are not provided by…
reed