Appendix C: URLScan and ModSecurity

Overview

This appendix presents overviews of how to install and configure URLScan and ModSecurity, web server firewalls for IIS and Apache, respectively. URLScan is produced by Microsoft and is available for free. ModSecurity is produced by Ivan Ristic of Thinking Stone, and is available under both GPL and commercial licenses. Both may be obtained easily from the links provided at the end of this appendix.

The material here is adapted from publicly available documentation (again listed at the end of this appendix), as well as our own experiences working with the tools individually and as consultants to large organizations. As with any technology, it is important to understand the advantages and drawbacks of using URLScan and ModSecurity, but on the whole, we feel they provide strong defense for IIS and Apache web applications if used properly. In fact, when Apache is configured to work as a reverse proxy and combined with ModSecurity, the result is a general-purpose network-based web application firewall that can be used to protect any number of web servers.

Even if you decide not to implement URLScan or ModSecurity, we hope the discussion of the protection mechanisms they offer is educational in terms of general web server security.



Hacking Exposed Web Applications, 3rd Edition
ISBN: 0071740643
Year: 2006
Pages: 127
