Showing 23 results for: 2006 ×

Using ModSecurity 2 Collections in Rules

A recent posting on the ModSecurity mailing list by K.C. Li is a very good excuse to discuss some major changes between ModSecurity version 1 and 2 and how to it influence rule writing. K. C. used the following rule...

ModSecurity v2.0 Webcast

In response to many of the common questions and issues posted to the mail-list, we at Breach Security decided to host a webcast to help provide answers and shed some light on the new v2.0 features – http://www.modsecurity.org/training/. This is...

ModSecurity Cookie and Link Protection Patch

A significant event occurred on the mod-security-users mailing list in July: a large code contribution was made by Daniel Fernndez Bleda and Carles Bonamusa Prez from Internet Security Auditors. The patch, made against ModSecurity 1.9.4, adds cookie and link protection...

ModSecurity Performance Tip

I was asked recently to investigate performance of an ModSecurity installation in order to see if there's room for improvement. This particular installation is used to defend against blog comment spam. It has a large number of simple rules, all...

Apache Reverse Proxy Memory Consumption Observations

Last week I spent some time stress-testing Apache 2.2.3 configured to work as a reverse proxy. I discovered (actually, re-discovered would be more accurate) two issues worth sharing. Memory consumption of an Apache process will steadily increase as the number...

ModSecurity 1.9.x Performance Testing

You can tell that I am too busy when I take almost three months to blog about something interesting and useful to a wider audience. This is one of those occasions. Earlier this year Adrian Asher, Head of Security at...

ModSecurity Console Now Available

I love the command line, I do. But there are some tasks where this type of user interface is simply not enough. Monitoring ModSecurity is one of them. Sifting through gigabytes of log files looking for clues and trying to...

ModSecurity 2: Explicit Normalisation Options

One of the things I realy dislike in ModSecurity 1.x is that its anti-evasion features are implicit. A series of transformations is always performed on input data and always in the same order. This is somewhat convenient because it saves...

Secure Browsing Mode Proposal

It's very well known (and even widely accepted) that our current web application deployment model suffers from multiple security problems. We've done a lot to mitigate these problems over the years but there is only so much one can do...

Jailing Apache On Windows

Yury Zaytsev wrote to me recently to tell me about his experiences in jailing Apache on Windows. Although, strictly speaking, Windows does not have the chroot system call or an equivalent it is still possible to do a pretty good...

Apache suEXEC chroot patch

I was recently involved with a project where we needed to configure an Apache server that was intended to run multiple web sites/applications. It's a pretty common assignment. To ensure the setup is secure I decided to start by creating...

First development release of ModSecurity 2.x

It's that time of year again, when I get to work on new features (instead of supporting the old ones). With a major change to the version number of the way I took the opportunity to introduce major improvements too....

ModSecurity Elevator Pitch at EUSecWest

I spent some time this week at the EUSecWest conference here in London. EUSecWest is a highly-technical security conference. Organised by the same people that are doing CanSecWest, this is the first time they had a conference here in Europe....