Chapter 5. Virtual Patching
In this chapter we will look at a technique called virtual patching, which is a method to fix, or patch, a vulnerability in a web application by using the ability of ModSecurity (or in general, any web application firewall) to block malicious requests.
Virtual patching relies on ModSecurity's ability to intercept requests before they reach your web application, and consists of writing rules that will intercept specific malicious requests before they get handled by your web application and have any chance to do damage. This allows you to fix vulnerabilities without touching any web application code, and indeed without even requiring you to understand how the web application code works—all that is required is knowledge of which kind of requests the web application is vulnerable to.
