An Apache based website firewall ids/ips - TechRepublic
General discussion
November 29, 2005 at 05:19 AM
jaqui

An Apache based website firewall ids/ips

by jaqui . Updated 20 years, 7 months ago

O’Reilly’s linux devlopment newsletter had a blog link to setting up a docbook toolchain by Ivan Ristik, in it he mentions an apache module he developed, that acts as an intrusion detection / prevention system, by filtering both get and post data in uris for illegal type content.
an example of such an input:
[pre]
http://www.webapp.com/login.php?username=admin’;DROP%20TABLE%20users–
[/pre]

a means to improve security of your web app, not a means to not debug the code.
[ it might work for the latter but would definately not be a good practice ]

the site with the documentation about it, including links for downloading both sources and binaries. [ including a windows dll for apache on windows ]

http://www.modsecurity.org/

This discussion is locked

All Comments