What is mod security (mod_security)?
ModSecurity is an embeddable web application firewall. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring and real-time analysis with no changes to existing infrastructure.
It is also an open source project that aims to make the web application firewall technology available to everyone.
Why i need mod_security?
With over 70% of all web attacks is carried out over the web application level, mod security is an essential tool that every web server should have to detect and block these web base attack. If you are using some open source application (like WordPress, phpNuke, Joomla CMS and etc) without much upgrade or patching, then my advice is to install mod_security to detect and block those common security vulnerabilities.
What mod_security do to protect my website?
The latest version of mod security (2.1.5) come with built in the core rules set and this core rules set will be able to detect and block common security vulnerabilities like below:-
- Detect requests by malicious automated programs such as robots, crawlers and security scanners
- SQL injection and Blind SQL injection.
- Cross Site Scripting (XSS).
- OS Command Injection and remote command access.
- File name injection.
- ColdFusion, PHP and ASP injection.
- E-Mail Injection
- HTTP Response Splitting.
- Universal PDF XSS.
- Trojans & Backdoors Detection
mod_security team claim that the latest core rule set is optimized for performance and is designed to be as plug and play as possible.
So, if you do not know if your server has mod_security installed,
feel free to ask your server administrator about it.
If you own a dedicated server,
then i think it’s a good move to install mod_security at your server 🙂
Thanks mod_security team for making the web more safer.