mod_security and Apache 2.0.XX

ModSecurity is a powerful module for Apache to monitor traffic and prevent attacks with a set of rules based on urls, variables, SOAP parameter values etc… It can be deployed on Apache 2.0 and 2.2. Some samples of http.conf file can be misleading if you use Apache 2.0 :

<IfModule security2_module>
     Include conf/rules/*.conf

When you start Apache you will see a log entry about the successful configuration of security2_module. But the module itself doesn’t log anything and your rules don’t work. The appropriate module directive for Apache 2.0 is :

<IfModule security2_module.c>
     Include conf/rules/*.conf

For Apache on Windows you can use the binaries from apachelounge.com

Billet publié dans les rubriques Programmation le