
ModSecurity 2.5

Martijn de Boer writes "For a long time now Apache's webserver software has been serving up the Web. Because Internet usage is still growing every day, securing your growing number of servers has become very important. ModSecurity 2.5 has been written to illustrate and educate you on the ease of use and inner workings of the ModSecurity module for the most widespread webserver." Read below for the rest of Martijn's review.
ModSecurity 2.5
Author: Magnus Mischel
Pages: 280
Publisher: Packt
Rating: 9/10
Reviewer: Martijn de Boer
ISBN: 1847194745
Summary: shows you how to secure your web application and server
The cover reads “Prevent web application hacking with this easy-to-use guide” and sticks with this claim to provide you with a good pathway to secure your webserver. The book is aimed at system administrators ranging from enthusiasts running a webserver at home to your friendly administrators at a large company. Most of the book requires only familiarity with using the Linux shell and basic Apache configurations, but earlier encounters with some technicalities like regular expressions may be of help during your reading.

Throughout the chapters the author takes you from the different methods of installing ModSecurity and the basics of creating your first rules to the discovery and reporting of your possible intrusions. Generally providing solutions, for example geolocating the origin of the hack and automatically scanning uploaded files for viruses, the author's background in Internet Security makes this book a valuable asset to your bookshelf.

In the chapters found later in the book, the author shows how to use tools to fingerprint your server and provides you with recipes on how to prevent these methods of gathering information about your server. There is also a lot of information about the impact of rules on the performance of your server. Because the impact is different in every situation, you will be guided around some tools to measure the performance and you will learn how to interpret this data.

Chapter 5 talks about Virtual Patching, a method of preventing misuse by intercepting bad traffic and creating a set of rules for this. This chapter is by far the best piece of information I have found on how this actually works, how you implement such rules and configuration, and why you should use the method of virtual patching in your situation. Basically the author takes out all the question marks you will have about this method of quickly applying rules and provides a case which is fully illustrated with a lot of background information about the process, from finding an insecure piece of code to solving this with a set of rules.

When Packt Publishing contacted me to ask if I would like to review another book for them, I picked this one out of the new releases because using ModSecurity has never been a priority for me. After seeing the title and table of contents I realized that you can never start too early to dive into this subject, and start preventing misuse before it causes more trouble than you can handle; trouble always finds you at the worst times. The author has divided the book into logical chapters, and the depth of information builds up equally from beginning to end. For instance, the second chapter takes you through the basics of regular expressions, but because you will encounter them during rule creation Appendix B will educate you with all specifics of creating those expressions.
As a developer running local test servers, I have found this book very interesting and a great resource on what is, for me, a grey area of server security. I am pleasantly surprised by the clarity of the book; the writing style makes you really want to dive into your webserver to apply your newly gained insight to ModSecurity.

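To make the virtual patching idea from Chapter 5 concrete, here is an added example in ModSecurity 2.x rule syntax; it is not taken from the book or from the review. It assumes a hypothetical script /app/item.php whose id parameter reaches a SQL query unsanitised; the path, parameter name and rule ids are made up for illustration.

```apache
# Added example: virtual patch for a hypothetical vulnerable script.
# Assumptions: /app/item.php, parameter "id", rule ids 100000-100002.

SecRuleEngine On
# Parse request bodies so ARGS covers POST parameters as well as the query string
SecRequestBodyAccess On

<Location /app/item.php>
    # Weak approach, shown commented out for contrast: a blacklist of one
    # known-bad string. It misses every variant the rule author did not foresee.
    # SecRule ARGS:id "@contains union select" \
    #     "phase:2,t:none,t:lowercase,deny,status:403,id:100000"

    # Corrected approach: describe what a valid request looks like and
    # reject everything else. phase:2 is used because the request body has
    # been read by then and <Location> scoping applies.

    # 1. Exactly one "id" parameter must be present (no omission, no duplicates)
    SecRule &ARGS:id "!@eq 1" \
        "phase:2,t:none,deny,status:403,log,auditlog,id:100001,\
        msg:'Virtual patch item.php: id missing or repeated'"

    # 2. Its value must be 1 to 10 decimal digits and nothing else
    SecRule ARGS:id "!^[0-9]{1,10}$" \
        "phase:2,t:none,deny,status:403,log,auditlog,id:100002,\
        msg:'Virtual patch item.php: id is not a short decimal number'"
</Location>
```

Running with `SecRuleEngine DetectionOnly` first shows in the logs what the rules would block before they are enforced; the patch stays in place only until the application code itself is fixed.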


  • dumb question? (Score:1, Insightful)

    by girlintraining ( 1395911 ) on Wednesday January 13, 2010 @03:14PM (#30754446)

    This might be a dumb question, but why do we have to build http servers that integrate everything? Wouldn't it make sense to design a very minimal http server which focuses on using a minimal amount of resources and have an API layer that enforces security permissions from the start? Every time I ask this, the answer eventually boils down to it being a tradeoff between performance and reliability -- either you can have a well-designed core and a strong security model, or you can allow the plugins to execute code directly in the same space as the server.

    Isn't there a better way to handle this?

  • Re:dumb question? (Score:1, Insightful)

    by Anonymous Coward on Wednesday January 13, 2010 @03:21PM (#30754576)

    I think we all want a larger version of the answer, so:

    HELL, NO

    would do it

  • Confusion? (Score:4, Insightful)

    by saberworks ( 267163 ) on Wednesday January 13, 2010 @03:21PM (#30754582)

    There seems to be some confusion -- this isn't a product to secure apache, it's a product to secure your web applications running on top of apache. It's designed to detect and prevent attacks on your app, not on the apache server itself.

  • Re:Confusion? (Score:3, Insightful)

    by jfinke ( 68409 ) on Wednesday January 13, 2010 @03:29PM (#30754722)

    I believe they classify this as a Web Application Firewall (WAF). So, theoretically, it would catch stuff like XSS, SQL Injection, etc. Now, if you have your Apache misconfigured, I am not sure what it will do for you.

  • Nonsense (Score:1, Insightful)

    by Anonymous Coward on Wednesday January 13, 2010 @03:47PM (#30754990)

    "For a long time now Apache's webserver software has been serving up the Web. Because Internet usage is still growing every day, securing your growing number of servers has become very important."

    "Apache is an old open source project" "Internet is growing" "that's why your servers should be more secure"

    Hmmm... should that really mean something? :)
