Arise, arise, riders of Theoden! Spears shall be shaken, shields shall be splintered! A sword day, a red day, ere the sun rises!

Theoden King, Battle of the Fields of the Pelennor


Conclusion

Linh Vu <bruce[at]erethesunrises[dot]net>

In web security, the web server (Apache) level is an important layer in the overall security of the entire system, as this layer has full access to all web streams and directly covers web applications. The Apache family of modules provide web administrators with very powerful tools to assist with secure deployment and maintenance of websites, such as mod_access, mod_auth_*, mod_rewrite and mod_security - the web application firewall. These tools can monitor, block and log malicious requests that are crafted for exploiting known vulnerabilities of web applications, which are often out of the web administrators' control to provide timely patches for. While they cannot replace a secure design and implementation of web application code, they remain a crucial defensive wall for web servers - systems that are meant to be open to the Internet, an environment that has many rogue bots and script kiddies scannning every server they come across for security holes to exploit.

References

HREF1 http://www.ph.unimelb.edu.au/people/profile.php?user_id=473
HREF2 http://www.ph.unimelb.edu.au
HREF3 http://httpd.apache.org
HREF4 http://www.php.net
HREF5 http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html
HREF6 http://ez.no
HREF7 http://awstats.sourceforge.net
HREF8 http://httpd.apache.org/docs/2.0/mod/mod_alias.html
HREF9 http://httpd.apache.org/docs/2.0/mod/mod_access.html
HREF10 http://httpd.apache.org/docs/2.0/mod/
HREF11 http://www.gotroot.com/tiki-view_blog_post.php?blogId=&postId=34
HREF12 http://www.spamhaus.org
HREF13 http://www.phpbb.com
HREF14 http://www.horde.org
HREF15 http://www.mamboserver.com
HREF16 http://www.modsecurity.org
HREF17 http://www.thinkingstone.com
HREF18 http://www.apachesecurity.net
HREF19 http://www.modsecurity.org/download/index.html
HREF20 http://www.openbsd.org
HREF21 http://www.modsecurity.org/documentation/index.html
HREF22 http://www.apachesecurity.net/tools/index.html
HREF23 http://www.clamav.net
HREF24 http://snort.org
HREF25 http://www.gotroot.com
HREF26 http://www.progllc.com
HREF27 http://www.modsecurity.org/contact

Article index

  1. Introduction
  2. Hardening Apache
  3. Mod-security: the open source web application firewall
  4. Conclusion

Page contents

Article info

Published: Wed 17/01/2007 8:55pm AEST

Updated: Tue 27/02/2007 9:57am AEST

  • More articles