Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Apache Module For Web Intrusion Detection

Posted by timothy on Sunday October 19, 2003 @01:19AM from the driven-by-the-forces-of-evil dept.

ivan.ristic writes "Mod_security 1.7 has been released. Mod_security is an open source intrusion detection and prevention engine for web applications. It operates embedded into the web server, acting as a powerful umbrella - shielding applications from attacks. The latest release adds output scanning to Apache 2.x; the ability to analyze cookies; functionality to change the identity of the web server; several new actions for rule grouping; new null-byte attack anti-evasion code."

1 of 49 comments (clear)

Min score:

Reason:

Sort:

Re:This sounds like a great idea. by bill_mcgonigle · 2003-10-20 05:45 · Score: 4, Informative

For those who don't have mod_security, a good thing to put in your httpd.conf is:

ServerTokens ProductOnly

so your HTTP response looks like:

HTTP/1.1 200 OK Date: Mon, 20 Oct 2003 17:23:13 GMT Server: Apache

instead of:

HTTP/1.1 200 OK Date: Mon, 20 Oct 2003 17:23:13 GMT Server: Apache/1.3.19 (Unix) mod_perl/1.27 PHP/4.0.5pl1 mod_ssl/2.8.2 OpenSSL/0.9.8

That's just way too much information to tell the world.

--
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)