What is ModSecurity?
ModSecurity is a popular open source module for Apache web servers that provides a Web Application Firewall (WAF), a layer of security that shields the web server and the applications running on it from harm or compromise. ModSecurity can be implemented as a firewall or as a proxy web server for a WAF (https://waf.comodo.com) you custom build.
ModSecurity monitors and logs HTTP traffic and can potentially control inputs and outputs to and from the web server and applications based on a defined set of rules.
What are ModSecurity Rules?
While the logging and monitoring features have value, the key to ModSecurity's effectiveness is its “rules engine”, which controls inputs and outputs based on a set of defined rules. It uses a special programming language that is designed to work with HTTP transaction data. The ModSecurity Rule Language makes it possible to create flexible and customizable rules that protect your servers and applications from harm while allowing uninhibited valid traffic.
ModSecurity Rule Sets provide protection in the following categories:
1) HTTP Protection: Detecting violations of the HTTP protocol and a locally defined usage policy.
2) Real-time Blacklist Lookups: Utilizes 3rd Party IP Reputation.
3) HTTP Denial of Service Protections: Defense against HTTP Flooding and Slow HTTP DoS Attacks.
4) Common Web Attacks Protection: Detecting common web application security attacks.
5) Automation Detection: Detecting bots, crawlers, scanners and other surface malicious activity.
6) Integration with AntiVirus Scanning for File Uploads: Detects malicious files uploaded through the web application.
7) Tracking Sensitive Data: Tracks Credit Card usage and blocks leakages.
8) Trojan Protection: Detecting access to Trojan horses.
9) Identification of Application Defects: Alerts on application misconfiguration.
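To make the rule language and the categories above concrete, here is an added example (not taken from this page or from any published rule set) of four rules in ModSecurity 2.x syntax, one each for categories 1, 2, 6 and 7. The rule ids, messages, allowed-method policy, the RBL zone rbl.example.org and the script path /usr/local/bin/av-scan.sh are assumptions chosen for illustration.

```apache
# Added illustration: ids, messages, policy values, the RBL zone and the
# scanner path are constructed placeholders, not values from a real deployment.
SecRuleEngine On
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType text/plain text/html

# Category 1, HTTP protection: enforce a local usage policy that only
# permits these request methods. Runs in phase 1 (request headers).
SecRule REQUEST_METHOD "!@within GET HEAD POST OPTIONS" \
    "id:10001,phase:1,deny,status:405,log,\
    msg:'Request method not allowed by local policy'"

# Category 2, real-time blacklist lookup: query a third-party IP
# reputation list for the client address (placeholder zone).
SecRule REMOTE_ADDR "@rbl rbl.example.org" \
    "id:10002,phase:1,deny,status:403,log,\
    msg:'Client address listed on reputation blacklist'"

# Category 6, antivirus integration: pass each uploaded temporary file
# to an external scanner wrapper (hypothetical script) in phase 2.
SecRule FILES_TMPNAMES "@inspectFile /usr/local/bin/av-scan.sh" \
    "id:10003,phase:2,t:none,deny,status:403,log,\
    msg:'Uploaded file rejected by antivirus scan'"

# Category 7, sensitive data tracking: find 13-16 digit runs in the
# response body; @verifyCC only matches those that pass the Luhn check.
SecRule RESPONSE_BODY "@verifyCC \d{13,16}" \
    "id:10004,phase:4,t:none,deny,status:500,log,\
    msg:'Possible payment card number in response body'"
```

Each rule follows the same shape: a variable from the HTTP transaction, an operator applied to it, and a list of actions that sets the processing phase and what happens on a match.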