- Installation and Configuration
- Integrating ModSecurity with Apache
- Writing ModSecurity Rules
- Performance
- Audit Logging
- Virtual Patching
- Blocking Common Attacks
- Chroot Jails
- REMO
- Protecting a Web Application
- Securing WebGoat (Vulnerable Web Application) with ModSecurity
1. Installation and Configuration
- Unpacking the source code
- Required additional libraries and files
- Compilation
- Testing your installation
2. Integrating ModSecurity with Apache
- Integrating ModSecurity with Apache
- Configuration file
- Completing the configuration
3. Writing ModSecurity Rules
- Variables and collections
- Creating chained rules
- Using @rx to block a remote host
- Simple string matching
- Matching numbers
- More about collections
- Transformation functions
- Phases and rule ordering
- Actions—what to do when a rule matches
- Macro expansion
- SecRule in practice
- Blocking uncommon request methods
- Restricting access to certain times of day
- Detecting credit card leaks
- Detecting credit card numbers
- Executing shell scripts
- Sending alert emails
- Sending more detailed alert emails
- Counting file downloads
- Blocking brute-force password guessing
4. Performance
- A typical HTTP request
- A real-world performance test
- The core rule set
- Installing the core rule set
- ModSecurity without any loaded rules
- ModSecurity with the core ruleset loaded
- Optimizing performance
5. Audit Logging
- Enabling the audit log engine
- Single versus multiple file logging
- Determining what to log
- Log format
- Concurrent logging
- Selectively disabling logging
- Audit log sanitization actions
- The ModSecurity Console
6. Virtual Patching
- Creating a virtual patch
- From vulnerability discovery to virtual patch
- Creating the patch
- Changing the web application for additional security
- Testing your patches
- Cross-site scripting
7. Blocking Common Attacks
- HTTP fingerprinting
- How HTTP fingerprinting works
- Server banner
- Response header
- HTTP protocol responses
- Using ModSecurity to defeat HTTP fingerprinting
- Blocking proxied requests
- Cross-site scripting
- Preventing XSS attacks
- PDF XSS protection
- HttpOnly cookies to prevent XSS attacks
- Cross-site request forgeries
- Protecting against cross-site request forgeries
- Shell command execution attempts
- Null byte attacks
- ModSecurity and null bytes
- Source code revelation
- Directory traversal attacks
- Blog spam
- SQL injection
- Preventing SQL injection attacks
- Website defacement
- Brute force attacks
- Directory indexing
- Detecting the real IP address of an attacker
8. Chroot Jails
- What is a chroot jail?
- A sample attack
- Traditional chrooting
- How ModSecurity helps jailing Apache
- Using ModSecurity to create a chroot jail
- Verifying that the jail works
- Chroot caveats
9. REMO
- Remo rules
- Creating and editing rules
- Installing the rules
10. Protecting a Web Application
- Step 1: Identifying user actions
- Step 2: Getting detailed information on each action
- Step 3: Writing rules
- Step 4: Testing the new ruleset
- Blocking what's allowed—denying everything else
- Cookies
- Headers
- Securing the "Start New Topic" action
- The ruleset so far
- The finished ruleset
- Alternative approaches
- Keeping everything up to date