Firewalling the web with ModSecurity
In Chapter 10, we installed a firewall to protect the server, but we left open the web ports 80 and 443. If we block those, of course, we block access to our sites. What we need are alternative strategies for filtering malicious web traffic, and techniques abound in these pages. Have another.
Conceived by Ivan Ristic and developed by a team of head honcho security pros, this open source firewall is a prudent partial umbrella for applications such as WordPress:
ModSecurity – http://modsecurity.org
MS Wiki – http://sourceforge.net/apps/mediawiki/mod-security
It sits in front of a web server to allow or deny requests depending on your rules which can be set on a cross-site and per site basis. It logs the lot and offers real-time analysis.
It can be installed embedded within the Apache process, which is explained here, else set up as a reverse proxy to protect a series of web servers whether Apache or not.
Installing mod-security, the Apache module
As usual, there...
