Securing your web applications using mod_security
Now that you're able to execute the PHP code, you're also ready for people to attempt to exploit your PHP code. While PHP code can certainly be secure, it often appeals to new developers who have not yet learned secure coding practices. In a situation like this, it can be helpful to have some additional protection in the form of a Web Application Firewall.
Mod_Security is an open source Web Application Firewall (WAF) for Apache. It is able to interpret full HTTP requests and responses in order to detect and block attempts at performing various HTTP attacks like SQL injection, cross site scripting and others.
How to do it…
The first thing you need to do is to install and enable the module in detection mode:
Installing on Ubuntu 14.04:
Install the package:
sudo apt-get install libapache2-mod-security2
Set up the mod_security configuration file:
sudo cp /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
Restart the service...
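Added example, not from the original text: a shell check that reads a ModSecurity configuration file and reports whether SecRuleEngine is set to DetectionOnly, the mode this recipe installs the module in. The function names and the sample configuration are constructed for illustration, and the check reads a single file without following Include directives.

```shell
#!/bin/sh
# Added example: report the effective SecRuleEngine mode of one config file.

# Print the value of the last uncommented SecRuleEngine directive in the file
# (On, Off or DetectionOnly), or "unset" when the file has none.
# Apache directive names are case-insensitive, so compare them lowercased.
modsec_engine_mode() {
    awk '
        /^[ \t]*#/ { next }                            # skip comment lines
        tolower($1) == "secruleengine" { mode = $2 }   # a later directive overrides an earlier one
        END { print (mode == "" ? "unset" : mode) }
    ' "$1"
}

# Return 0 only when the engine evaluates rules and logs matches without blocking.
modsec_is_detection_only() {
    [ "$(modsec_engine_mode "$1" | tr 'A-Z' 'a-z')" = "detectiononly" ]
}

# Constructed sample configuration (not the shipped file).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# SecRuleEngine On
SecRuleEngine DetectionOnly
SecRequestBodyAccess On
EOF

# Pass /etc/modsecurity/modsecurity.conf as the first argument to check the real file.
conf=${1:-$sample}
if modsec_is_detection_only "$conf"; then
    echo "$conf: detection mode (matches are logged, requests are not blocked)"
else
    echo "$conf: SecRuleEngine is $(modsec_engine_mode "$conf")"
fi
rm -f "$sample"
```

Run it again after any later change to the configuration, since switching SecRuleEngine to On makes the module start blocking requests that match a rule.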