PacktLib: ModSecurity 2.5

ModSecurity 2.5

Credits

About the Author

About the Reviewers

Preface

Installation and Configuration

Versions

Downloading

Unpacking the source code

Required additional libraries and files

Compilation

Integrating ModSecurity with Apache

Configuration file

Testing your installation

Summary

Writing Rules

SecRule syntax

Creating chained rules

Rule IDs

An introduction to regular expressions

Simple string matching

Matching numbers

More about collections

Transformation functions

Other operators

Phases and rule ordering

Actions—what to do when a rule matches

SecAction

Using the ctl action to control the rule engine

Macro expansion

SecRule in practice

Executing shell scripts

Injecting data into responses

Inspecting uploaded files

Summary

Performance

A typical HTTP request

A real-world performance test

Optimizing performance

Summary

Audit Logging

Enabling the audit log engine

Determining what to log

The configuration so far

Log format

Concurrent logging

Selectively disabling logging

Audit log sanitization actions

The ModSecurity Console

Summary

Virtual Patching

Why use virtual patching?

Creating a virtual patch

From vulnerability discovery to virtual patch: An example

Testing your patches

Real-life examples

Summary

Blocking Common Attacks

HTTP fingerprinting

Blocking proxied requests

Cross-site scripting

Cross-site request forgeries

Shell command execution attempts

Null byte attacks

Source code revelation

Directory traversal attacks

Blog spam

SQL injection

Website defacement

Brute force attacks

Directory indexing

Detecting the real IP address of an attacker

Summary

Chroot Jails

What is a chroot jail?

A sample attack

Traditional chrooting

How ModSecurity helps jailing Apache

Using ModSecurity to create a chroot jail

Verifying that the jail works

Chroot caveats

Summary

REMO

More about Remo

Installation

Remo rules

Analyzing log files

Configuration tweaks

Summary

Protecting a Web Application

Considerations before beginning

The web application

Groundwork

Step 1: Identifying user actions

Step 2: Getting detailed information on each action

Step 3: Writing rules

Step 4: Testing the new ruleset

Actions

Blocking what's allowed—denying everything else

Cookies

Headers

Securing the "Start New Topic" action

The ruleset so far

The finished ruleset

Alternative approaches

Keeping everything up to date

Summary

Directives and Variables

Regular Expressions

Index