Summary

URLScan and ModSecurity provide powerful and flexible security protection for web applications running on IIS 5.x (and earlier) and Apache web servers, respectively. They can help prevent some of the most common attacks against web applications by filtering and/or decoding input, restricting the maximum amount of data in a request, and rejecting requests that contain commonly abused extensions and methods. They can also optionally be configured to log rejected requests to inform debugging or forensic analysis where appropriate (although we don't recommend enabling logging by default).

These tools, if properly configured, can be powerful allies to an administrator, but they should not be considered a replacement for the many other security best practices we've laid out in the rest of this book, including the establishment of additional external firewall perimeters, good security patch maintenance, diligent server configuration and administration, and secure programming practices, just to name a few. Like any good security tool, they are simply another layer of protection around web applications that provides solid "defense-in-depth."
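The checks summarized above (decode the input, cap the request size, reject abused methods and extensions, log rejections only on request) can be sketched as a small filter. This is an added example, not code from the book and not how URLScan or ModSecurity are implemented; the method list, extension list, size limits and function names are constructed for illustration.

```python
import posixpath
from urllib.parse import unquote, urlsplit

# Constructed sample policy; real deployments tune these per application.
ALLOWED_METHODS = {"GET", "HEAD", "POST"}
DENIED_EXTENSIONS = {".bak", ".exe", ".ida", ".idq", ".htr", ".printer"}
MAX_URL_LENGTH = 2048
MAX_BODY_BYTES = 64 * 1024


def normalize_path(raw_path, max_rounds=3):
    """Percent-decode until the path stops changing, so the extension
    check sees what the server would see. Returns None if the path is
    still changing after max_rounds (nested encoding is suspicious)."""
    path = raw_path
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            return posixpath.normpath(path.replace("\\", "/"))
        path = decoded
    return None


def check_request(method, target, content_length=0, rejected=None):
    """Return (allowed, reason). Rejections are recorded only when the
    caller passes a list as `rejected`, i.e. logging is opt-in."""
    reason = None
    path = normalize_path(urlsplit(target).path)
    if method.upper() not in ALLOWED_METHODS:
        reason = "method not allowed"
    elif len(target) > MAX_URL_LENGTH or content_length > MAX_BODY_BYTES:
        reason = "request too large"
    elif path is None:
        reason = "excessive encoding"
    elif posixpath.splitext(path)[1].lower() in DENIED_EXTENSIONS:
        reason = "denied extension"
    if reason and rejected is not None:
        rejected.append((method, target, reason))
    return (reason is None, reason)
```

Decoding before matching is the step that matters most here: a deny list applied to the raw URL would miss `default%2Eida`, which the filter above rejects after normalization.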



Hacking Exposed Web Applications
HACKING EXPOSED WEB APPLICATIONS, 3rd Edition
ISBN: 0071740643
EAN: 2147483647
Year: 2006
Pages: 127
