Comments on Secure Your Apache With mod_security

Secure Your Apache With mod_security This article shows how to install and configure mod_security. mod_security is an Apache module (for Apache 1 and 2) that provides intrusion detection and prevention for web applications. It aims at shielding web applications from known and unknown attacks, such as SQL injection attacks, cross-site scripting, path traversal attacks, etc.

6 Comment(s)

Add comment

Please register in our forum first to comment.

Comments

By: Anonymous
Reply  

jnordstrom I noticed this exact same thing in my logs you can either. change deflate.conf to look like this and the error will still be there only for some hosts. 

<IFMODULE mod_deflate.c>
# Commented out filter below to disable default compression to allow some 
# virtual hosts to have no compression. 
# AddOutputFilterByType DEFLATE text/html text/plain text/xml 
</IFMODULE>

Another alternative is to just edit the rule file and ditch the warning. I'm busy contemplating which one to do myself right now.

By:
Reply  

Given your experience with both mod_security and mod_deflate I was wondering if you had experienced the same conflicts that I have. When I disable mod_deflate, mod_security works great, when I enable mod_deflate I get:

[Mon Dec 10 16:21:28 2007] [error] [client 127.0.0.1] ModSecurity: Warning. Operator EQ match: 0. [id "960903"] [msg "ModSecurity does not support content encodings"] [severity "WARNING"] [hostname "www.testsite.com"] [uri "/test.html"] [unique_id "Le3dBH8AAAIAAErHB-QAAAAB"]


Environment: Jetty 6.1.6, JDK 6, Spring 2.5 Web

By: Phil
Reply  

Just wondering if there was a set of rules, like there is for phpids that are constantly updated? or do you have to keep designing your own rules?

By:
Reply  

aptitude install libapache2-mod-security2

By: brody182
Reply  

Dont you think this needs to be updated for Debian 8?

By: Tommy
Reply  

apt-get install libapache2-mod-security

Unable locate the package libapache2-mod-security