Using Mod_Security to Protect Your Server - Actions
(Page 2 of 4 )
Table 4-1 lists the most important actions mod_security can apply to an event caught by the filtering ruleset.
Table 4-1. mod_security filtering rulesets
| Action | Description |
| allow | Skip remaining rules and allow the matching request. |
| auditlog | Write request to the audit log. |
| chain | Chain the current rule with the rule that follows. |
| deny | Deny the request. |
| Exec | Execute (launch) an external script or process as a result of this request. |
| Log | Log the request (Apache error_log and audit log). |
| msg | Message that will appear in the log. |
| noauditlog | Do not log the match to the audit log. |
| nolog | Do not log the match to any log. |
| Pass | Proceed to next rule. |
| redirect | If request is denied then redirect to this URL. |
| status | Use the supplied status codes if a request is denied. |
Now, we can configure a few basic rules specific to our environment that enable mod_security to protect our applications.
Filters
Let’s say some of our applications pass parameters around that may end up in our MySql database. Let’s also say we were lazy and did not positively validate those fields before trying to INSERT them into the database. Then, some wily hacker comes along and tries to perform a SQL injection attack.
So, how does this really work? With mod_security’s filters we can write rules that look for these kinds of attacks:
SecFilter "drop[[:space:]]table "
SecFilter "select.+from"
SecFilter "insert[[:space:]]+into"
Resources
Ivan Ristic has provided a thorough primer on mod_security in his book Apache Security (O’Reilly). Go pick up a copy and have a look. I also highly recommend a visit to the site http://www.modsecurity.org/ if you intend on using mod_security. There you will find documentation, tools, and additional downloads.
Next: PHP >>
More JavaScript Articles
More By O'Reilly Media
|
 This article is excerpted from chapter four of Securing Ajax Applications: Ensuring the Safety of the Dynamic Web, written by Christopher Wells (O'Reilly, 2007; ISBN: 0596529317). Check it out today at your favorite bookstore. Buy this book now.
|
|
