Securing Apache with ModSecurity

Of all the web servers available on the market, both free and open source, Apache HTTP Server is the most widely used. It has become the standard for most Linux-based servers and is commonly the default for many other Unix-like operating systems. It is generally regarded as secure, but even the best software needs to be configured correctly to truly provide security.

If all of your server’s websites are static HTML pages with no scripts or dynamic elements, additional security may not be a concern. Most sites these days, however, use PHP, Perl, or other scripting languages, as well as JavaScript and other dynamic elements, so security can be a concern.

A network firewall protects your server’s ports from unwanted access, but you cannot block every port. The default HTTP port (80) must stay open so that people can access your site. An attacker can use dynamic forms or even just a PHP script running on your site to initiate an assault.

ModSecurity is a web application firewall, meaning that it is specifically designed to protect your server from its own applications. ModSecurity sits in between the web server and your web applications so that anyone accessing them must go through the security firewall. It uses a set of rules that place restrictions on web applications and scripts, plugging any holes they may leave, and it is fully customizable so that you can tweak it to meet your server’s needs.
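
To make the rule mechanism concrete, here is an added example (not part of the original article) of a small ModSecurity 2.x configuration for Apache. The audit log path, rule ids and messages are assumptions chosen for illustration.

```apache
# Added example: minimal ModSecurity 2.x setup loaded by Apache.
# Log path, rule ids and messages are assumptions, not values from the article.
<IfModule security2_module>
    # Enforce rules. Start with "DetectionOnly" to log matches without
    # blocking while you tune out false positives, then switch to "On".
    SecRuleEngine On

    # Buffer and inspect request bodies so POSTed form fields are visible
    # to rules, with a cap on how much is held in memory.
    SecRequestBodyAccess On
    SecRequestBodyLimit 13107200

    # Write an audit record only for transactions that matched a rule
    # or ended in a server error.
    SecAuditEngine RelevantOnly
    SecAuditLog /var/log/apache2/modsec_audit.log

    # Custom rule: accept only the HTTP methods the site actually uses.
    # Runs in phase 1 (request headers), before the body is read.
    SecRule REQUEST_METHOD "!@within GET HEAD POST" \
        "id:10001,phase:1,t:none,deny,status:405,log,msg:'HTTP method not allowed'"

    # Custom rule: reject any request parameter (query string or form
    # field) that the built-in SQL injection detector flags.
    # Runs in phase 2 (after the request body has been parsed).
    SecRule ARGS "@detectSQLi" \
        "id:10002,phase:2,t:none,t:urlDecodeUni,deny,status:403,log,msg:'SQL injection pattern in request parameter'"
</IfModule>
```

Ids below 100,000 are reserved for local rules, so these will not collide with rule sets shared by the community.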

ModSecurity is free and open source software, backed by a commercial security company, as well as a large community of users who submit custom rules to share with others. In addition to the source code, you can download binary packages for ModSecurity for numerous Linux distributions, BSD variants, Windows, and many other Unix-like operating systems.