Being a SysAdmin (as most of you who read this blog regularly know), I love to look at logs to solve problems. If there is an issue, the first thing I always do is look at the logs to see what went wrong. Even when I am writing programs, I build debugging in from the beginning to make sure I know what
One of my favorite things about mod_security is that (amongst other things), it provides logging where none was provided. In fact, there is a whole chapter dedicated to it (chapter 4 on audit logging). And thus it was the first chapter I went to (just for fun).
So I started flipping back and forth between chapters 2 (writing rules) and 4 (audit logging) to create my ruleset. I quickly realized that it was going to be a pain to do it that way. So I sucked it up and started reading the book. I normally hate doing that because typically technical books read like watching paint dry, but this one read fairly easily. I also happen to really like the typeface conventions used by Packt Publishing to make examples separate from text, separate from whatever else needs to stand out.
I skimmed chapter 1 because I not only have built programs including Apache modules in my time, but I have also set up mod_security 1 before. This is why I was so excited to dive into this book since it has been a while and I wanted to see what has changed in mod_security over the years.
Right into chapter 2, I wrote a few logging rules and some protection from SQL injection. And then I tried out the recipe to stop all visitors from the US from accessing the web site. Needless to say, that worked, so I apologize for the few minutes of downtime you all may have experienced.
Chapter 3 was inevitably about performance. This is always a concern amongst admins. Most of your fears are assuaged by chart after comparison chart of how Apache works under the load of httperf along with a few experience-based suggestions on how to reduce Apache