Debianhelp.co.uk

            Tighten web applications security Using mod_security for Apache 2.x

     Mod_security is an Apache 1.x/2.x module whose purpose is to tighten the Web application security. Effectively, it is an intrusion detection and prevention system for the web server.

     At the moment its main features are: * Audit log; store full request details in a separate file, including POST
payloads.

* Request filtering; incoming requests can be analysed and offensive requests  can be rejected (or simply logged, if that is what you want). This feature can be used to prevent many types of attacks (e.g. XSS attacks, SQL injection) and even allow you to run insecure applications on your servers (if you have no other choice, of course)

This package contains the module required for Apache 2.x servers. In addition to this package the mod-security-common package, which includes documentation and configuration examples, will be installed.

Installing Configuring mod_security in Debian

#apt-get install libapache2-mod-security

#a2enmod mod-security

#cp /usr/share/doc/libapache2-mod-security/examples/httpd2.conf.example-full /etc/apache2/conf.d


Rename the config file to something more descriptive, like security,and then edit it to suit your needs.

reload apache2 using /etc/init.d/apache2 restart

This package comes with test data located in /usr/share/mod-security/tests and can be run with a perl script located
in that directory (run-test.pl). The tests simulate a series of attacks and give a you pass/fail result.