Review: Mod-Security 2.5 by Magnus Mischel

    Date29 Jan 2010
    41086
    Posted ByDave Wreski
    Thanks to Eric Lubow for contributing this great review.

    Being a SysAdmin (as most of you who read this blog regularly know), I love to look at logs to solve problems. If there is an issue, the first thing I always do is look at the logs to see what went wrong. Even when I am writing programs, I build debugging in from the beginning to make sure I know what One of my favorite things about mod_security is that (amongst other things), it provides logging where none was provided. In fact, there is a whole chapter dedicated to it (chapter 4 on audit logging). And thus the first chapter I went to (just for fun). So I started flipping back and forth between chapters 2 (writing rules) and 4 (audit logging) to create my ruleset. I quickly realized that it was going to be a pain to do it that way. So I sucked it up and started reading the book. I normally hate doing that because typically technical books read like watching paint dry, but this one read fairly easily. I also happen to really like the type face conventions used by Packt Publishing to make examples separate from text separate from whatever else needs to stand out.

    I skimmed chapter 1 because I not only have built programs including Apache modules in my time, but I have also setup mod_security 1 before. This is why I was so excited to dive into this book since it has been a while and I wanted to see what has changed in mod_security over the years.

    Right into chapter 2, I wrote a few logging rules and some protection from SQL injection. And then I tried out the recipe to stop all visitors from the US from accessing the web site. Needless to say that worked, so I apologize for the few min of downtime you all may have experienced.

    Chapter 3 was inevitably about performance. This is always a concern amongst admins. Most of your fears are assuaged by chart after comparison chart of how Apache works under the load of httperf along with a few experience based suggestions on how to reduce Apache

    LinuxSecurity Poll

    What do you think of the LinuxSecurity Privacy news articles?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/25-what-do-you-think-of-the-linuxsecurity-privacy-news-articles?task=poll.vote&format=json
    25
    radio
    [{"id":"90","title":"Love them!","votes":"48","type":"x","order":"1","pct":88.89,"resources":[]},{"id":"91","title":"I'm indifferent","votes":"4","type":"x","order":"2","pct":7.41,"resources":[]},{"id":"92","title":"Not interested in this topic","votes":"2","type":"x","order":"3","pct":3.7,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.