Topic: mod_security - protecting Apache itself
Fairfielder1
Joined: 19 Apr 2013 Posts: 3
Posted: Fri 19 Apr '13 17:09 Post subject: mod_security - protecting Apache itself
In his ModSecurity Handbook, Ivan says:
"I often get asked if ModSecurity can be used to protect Apache itself. The answer is
that it can, in some limited circumstances, but that it isn’t what it is designed for. You
may sometimes be able to catch an attack with ModSecurity before it hits a vulnerable
spot in Apache or in a third-party module..."
How? Code examples?
Fairfielder1
ivanr
Joined: 27 Apr 2013 Posts: 6
Posted: Mon 06 May '13 22:12 Post subject: Re: mod_security - protecting Apache itself
What I wanted to say there was that ModSecurity was designed to protect applications, but that, as a secondary function, it is also possible to protect Apache itself.
On the inbound, ModSecurity runs in 2 phases. The first one is very early, which happens before most other modules. This phase is great if you want to protect from an Apache exploit. The second phase runs just before Apache actually starts to process a request (e.g., invokes PHP to run a script); in this phase you could still protect against exploits against PHP, for example.
The recent case of the vulnerability in the Range header is a good example, where you could use ModSecurity to protect Apache itself:
https://httpd.apache.org/security/CVE-2011-3192.txt
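An added example, not part of the thread or of the ModSecurity Handbook: a phase 1 rule of the kind described in the reply above for the Range header case (CVE-2011-3192). The rule id, the five-comma threshold, the 400 status and the message text are assumed values to adapt locally.

```apache
# Added example; id, threshold, status and msg are constructed values.
SecRuleEngine On

# phase:1 inspects request headers before most other modules run, so the
# request is rejected before Apache's byte-range handling processes it.
# The pattern matches five or more commas, i.e. more than five ranges,
# in either Range or the legacy Request-Range header.
SecRule REQUEST_HEADERS:Range|REQUEST_HEADERS:Request-Range "@rx (?:,[^,]*){5}" \
    "id:100001,\
    phase:1,\
    t:none,\
    deny,\
    status:400,\
    log,\
    msg:'Excessive byte ranges in Range header (CVE-2011-3192 mitigation)',\
    logdata:'%{MATCHED_VAR_NAME}=%{MATCHED_VAR}'"
```

Running the rule with `SecRuleEngine DetectionOnly` first shows in the audit log whether legitimate clients (for example PDF viewers or download managers) send multi-range requests that the threshold would block.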