Das Apache Modul ModSecurity kann an den Server gestellte Requests, mittels regulärer Ausdrücke auf bekannte Angriffsmuster hin untersuchen und entsprechend reagieren.
Overview

• Request filtering; incoming requests are analysed as they come in, and before they get handled by the web server or other modules.
• Anti-evasion techniques; paths and parameters are normalised before analysis takes place in order to fight evasion techniques.
• Understanding of the HTTP protocol; since the engine understands HTTP, it performs very specific and fine granulated filtering.
• POST payload analysis; the engine will intercept the contents transmitted using the POST method, too.
• Audit logging; full details of every request (including POST) can be logged for later analysis.
• HTTPS filtering; since the engine is embedded in the web server, it gets access to request data after decryption takes place.

Ein paar vorgefertigte Regelsätze bekommt man bei Got Root?

tags: ModSecurity