9 months ago (03-12) | Technology

ModSecurity is an intrusion detection and blocking engine used primarily for web applications, so it can also be called a web application firewall. It can run as a module of the Apache web server or as a separate application. Its purpose is to strengthen the security of web applications and protect them from attack. Take advantage of ModSecurity to protect your WordPress blog.

Availability of ModSecurity 2.9.1

ModSecurity Features

HTTP Traffic Logging

The logging already built into web servers is sufficient for analyzing access requests, but it falls short for web application analysis; in particular, in most cases there is no way to record the request body. Attackers are well aware of this, which is why attacks are so often delivered through POST requests, leaving your systems blind. ModSecurity captures the full content of the HTTP exchange and can record complete requests and responses. Its logging facilities let you make fine-grained decisions about exactly what is logged, so that the relevant data is recorded. Some key fields in requests and responses may contain sensitive data, and ModSecurity can be configured to mask them before they are written to the audit log.
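An audit-logging configuration matching the description above, as an added example that is not from the original post. The log path and rule ids are assumptions; `pwd` is the password field of the WordPress login form.

```apache
# Added example; the log path and rule ids are assumptions.
# Buffer request bodies so POST parameters are visible to rules and logs.
SecRequestBodyAccess On

# Log only transactions that triggered a rule or ended in an error status
# (5xx, or 4xx other than 404).
SecAuditEngine RelevantOnly
SecAuditLogRelevantStatus "^(?:5|4(?!04))"

# Parts: A audit header, B request headers, C request body,
# F response headers, H audit trailer, Z end marker.
# Add E (with SecResponseBodyAccess On) to record response bodies as well.
SecAuditLogParts ABCFHZ
SecAuditLogType Serial
SecAuditLog /var/log/apache2/modsec_audit.log

# Mask the WordPress login password (form field "pwd") in the audit log.
SecAction "id:100001,phase:2,nolog,pass,sanitiseArg:pwd"

# Mask credentials carried in a request header as well.
SecAction "id:100002,phase:1,nolog,pass,sanitiseRequestHeader:Authorization"
```

The sanitise actions only affect what is written to the audit log; the rules still see the real values.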

Real-time monitoring and attack detection

In addition to logging, ModSecurity monitors HTTP traffic in real time to detect attacks. In this role, ModSecurity works as a web intrusion detection tool that lets you respond to suspicious events occurring on your web systems.

Attack defense and timely patching

ModSecurity can also act immediately to defend your web application against attacks. There are three common approaches:

1. Negative security model: a negative security model monitors requests for anomalies, unusual behaviour, and generic web attack classes. It keeps an anomaly score for each request, together with the IP address, the associated session, and the user account; when the anomaly score is high, the request is logged and blocked completely.
2. Positive security model: once a positive security model is deployed, only requests that are known to be valid are allowed through, and everything else is rejected. This model requires you to know the web applications you are protecting very well. It is therefore best suited to systems that are heavily used but rarely updated, which keeps the maintenance effort of the model to a minimum.
3. Known vulnerabilities: its rule language makes ModSecurity an ideal external patching tool. External patching (sometimes called virtual patching) reduces the window of opportunity. Some organizations usually take weeks to fix vulnerabilities in their applications; with ModSecurity, an application can be patched from the outside without changing its source code (or even having to deal with it), keeping your system safe until a proper patch can be applied.
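The three approaches above written as ModSecurity 2.x rules, as an added example rather than configuration from the original post. The rule ids, the score threshold, and the `example-plugin` path with its `file` parameter are hypothetical.

```apache
# Added example; rule ids, the threshold and example-plugin are hypothetical.
SecRuleEngine On
SecRequestBodyAccess On

# 1. Negative model: signatures add to a per-request anomaly score and the
#    request is rejected only when the total reaches the threshold (5).
SecAction "id:100009,phase:1,nolog,pass,setvar:tx.anomaly_score=0"
SecRule &REQUEST_HEADERS:User-Agent "@eq 0" \
    "id:100010,phase:1,pass,log,msg:'Missing User-Agent header',\
    setvar:tx.anomaly_score=+2"
SecRule ARGS "@detectXSS" \
    "id:100011,phase:2,pass,log,t:none,t:urlDecodeUni,\
    msg:'XSS pattern in argument',setvar:tx.anomaly_score=+5"
SecRule ARGS "@detectSQLi" \
    "id:100012,phase:2,pass,log,t:none,t:urlDecodeUni,\
    msg:'SQL injection pattern in argument',setvar:tx.anomaly_score=+5"
SecRule TX:ANOMALY_SCORE "@ge 5" \
    "id:100019,phase:2,deny,status:403,log,\
    msg:'Anomaly score %{tx.anomaly_score} reached threshold'"

# 2. Positive model: accept only what is known to be valid.
#    Only three HTTP methods are allowed, and comment_post_ID on the
#    WordPress comment handler must be a short integer.
SecRule REQUEST_METHOD "!@within GET HEAD POST" \
    "id:100020,phase:1,deny,status:405,log,msg:'Method not allowed'"
SecRule REQUEST_FILENAME "@streq /wp-comments-post.php" \
    "id:100021,phase:2,deny,status:403,log,t:none,\
    msg:'comment_post_ID is not numeric',chain"
    SecRule ARGS:comment_post_ID "!@rx ^[0-9]{1,10}$" "t:none"

# 3. Virtual patch: until the (hypothetical) plugin is fixed, allow its
#    "file" parameter to carry nothing but a plain CSV file name.
SecRule REQUEST_FILENAME \
    "@endsWith /wp-content/plugins/example-plugin/export.php" \
    "id:100030,phase:2,deny,status:403,log,t:none,t:normalizePath,\
    msg:'Virtual patch: example-plugin file parameter',chain"
    SecRule ARGS:file "!@rx ^[A-Za-z0-9_-]{1,64}\.csv$" "t:none"
```

Running first with `SecRuleEngine DetectionOnly` logs what these rules would block without rejecting anything, which helps when tuning the threshold and the allowlists.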

Flexible Rule Engine

The flexible rule engine is the core of ModSecurity. It implements the ModSecurity rule language, a specialized programming language designed for working with HTTP transaction data. The rule language is designed to be easy to use and very flexible: common operations are simple, and complex operations are possible. The certified ModSecurity rules shipped with ModSecurity are a rule set that implements general-purpose hardening, protocol validation, and detection of common web application security issues. The rules are heavily commented, so they can also be used for study.

Embedded Mode deployment

ModSecurity is an embeddable web application firewall, which means it can be deployed as part of an Apache-based web server that is already serving your sites. Such a deployment has some particular advantages:

1. No changes to the existing network. It takes only a few minutes to add ModSecurity to your web server, and because it is completely passive by default, you are free to deploy it gradually and use only the features you need. It is just as easy to remove or deactivate if required.
2. No single point of failure. Unlike a network device deployment, you do not introduce a new point of failure into your system.
3. Full support for load balancing. Because it runs embedded in the web server, ModSecurity automatically takes advantage of any load balancing already in place. You do not need to think about load balancing unless your system already needs it.
4. Very little overhead. Because it works inside the web server process, it adds no extra network traffic, only minimal parsing and data exchange overhead.
5. No problem with encrypted or compressed content. Many IDS systems have difficulty analyzing SSL traffic, but this is no trouble for ModSecurity, because it works at the point where the traffic has already been decrypted and decompressed.

Network-based deployment

ModSecurity works equally well as part of an Apache-based reverse proxy, and many of our customers choose to run it this way. In this mode, ModSecurity can protect any number of web servers, even ones that are not Apache.

Install ModSecurity on top of the WordPress Docker image

Dockerfile

Enable mod-security in the site configuration file

Test

  • XSS Testing

  • SQL Injection

Open Source Projects


When reprinting, please indicate the original source: Baiyuan's Blog >> https://wangbaiyuan.cn/en/use-modsecurity-escort-your-wordpress-blog-2.html
