Modsecurity Apache
3/20/2021
Armed with all the facts, you can understand ModSecurity's weak points and work around them. I like to think about it as an enabler: there are no hard rules telling you what to do; instead, it is up to you to choose your own path through the available features.
That's why the title of this section asks what ModSecurity can do, not what it does. With full access to the source code, your freedom to choose extends to the ability to customize and extend the tool itself to make it fit your needs.

There's an added dimension of what's possible through ModSecurity's persistent storage mechanism, which enables you to track system elements over time and perform event correlation. You are able to reliably block, if you so wish, because ModSecurity uses full request and response buffering.

Web servers traditionally do very little when it comes to logging for security purposes. They log very little by default, and even with a lot of tweaking you are not able to get everything that you need. I have yet to encounter a web server that is able to log full transaction data. ModSecurity gives you the ability to log anything you need, including raw transaction data, which is essential for forensics. In addition, you get to choose which transactions are logged, which parts of a transaction are logged, and which parts are sanitized.

Security assessment is largely seen as an active scheduled event, in which an independent team is sourced to try to perform a simulated attack. Continuous passive security assessment is a variation of real-time monitoring, where, instead of focusing on the behavior of the external parties, you focus on the behavior of the system itself.

For example, it is possible to fix many session management issues, as well as cross-site request forgery vulnerabilities.

Real life often throws unusual demands at us, and that is when the flexibility of ModSecurity comes in handy where you need it the most. It may be a security need, but it may also be something completely different. For example, some people use ModSecurity as an XML web service router, combining its ability to parse XML and apply XPath expressions with its ability to proxy requests. Who knew?
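The logging choices described above (which transactions are logged, which parts of each, and which values are sanitized), as an added configuration example that is not from the original page. It uses ModSecurity 2.x directives for Apache; the log path, the `/admin/` location, the rule id and the `password` parameter name are assumptions.

```apache
# Added example (not from the original page). The log path, the /admin/
# location, the rule id and the "password" parameter are assumptions.

# Observe only: rules are evaluated but never block a transaction.
SecRuleEngine DetectionOnly

# Buffer request and response bodies so they can be inspected and logged.
SecRequestBodyAccess On
SecResponseBodyAccess On

# WHICH TRANSACTIONS: only those that triggered a rule, or whose response
# status matches the pattern below (any 5xx, or any 4xx except 404).
SecAuditEngine RelevantOnly
SecAuditLogRelevantStatus "^(?:5|4(?!04))"

# WHICH PARTS of each logged transaction:
#   A audit log header      B request headers    C request body
#   E response body         F response headers   H audit trailer
#   Z end-of-entry marker (mandatory)
SecAuditLogParts ABCEFHZ

# One entry after another in a single file.
SecAuditLogType Serial
SecAuditLog /var/log/apache2/modsec_audit.log

# WHICH PARTS ARE SANITIZED: the value of the "password" parameter and the
# Authorization header are replaced with asterisks in the audit log.
# Phase 2 is used so that parameters from the request body are available.
SecAction "id:100001,phase:2,pass,nolog,\
    sanitiseArg:password,\
    sanitiseRequestHeader:Authorization"

# Log every transaction under one sensitive location, relevant or not.
<Location "/admin/">
    SecAuditEngine On
</Location>
```

With weaker settings such as `SecAuditEngine On` and no sanitise actions, every transaction is written in full, credentials included, so the audit log itself becomes sensitive data that needs the same access controls as the application.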
There are four guiding principles on which ModSecurity is based, as follows.

I didn't see much value in hardcoded functionality, because real life is so complex that everyone needs to do things just slightly differently. ModSecurity achieves flexibility by giving you a powerful rule language, which allows you to do exactly what you need to, in combination with the ability to apply rules only where you need to.

ModSecurity will take great care to never interact with a transaction unless you tell it to. That is simply because I don't trust tools, even the one I built, to make decisions for me. That's why ModSecurity will give you plenty of information, but ultimately leave the decisions to you.

There's no such thing as a perfect tool, but a predictable one is the next best thing.