How Can Mod_Security Help to Secure Your Web App?

Armin Dec 19, 2019

We extended nine-manage-vhosts so that you can enable mod_security on specific vhosts, in a mode of your choice, to keep your web server safe and secure.

What is mod_security and how does it work?

mod_security is the implementation of the OWASP rule set for the Apache web server. It acts as a web application firewall and filters requests that attempt XSS, SQL injection and similar attacks.

We are using the mod_security “core rule set” on our servers.

All managed servers running Ubuntu Xenial or Bionic have the required module installed. So as not to disrupt any services, we decided to deactivate mod_security by default. This applies both when creating new vhosts and when changing existing ones.

To activate the filtering, use nine-manage-vhosts. There are three mod_security modes you can choose from:

  • Off
    mod_security is disabled for this vhost, so no filtering takes place.
  • DetectionOnly
    mod_security is in detection mode: any potential violation is logged in the domain's logfile, but nothing is blocked. This mode is highly recommended while the effects of using mod_security on a site are still unknown, and before ultimately enabling it.
  • On
    mod_security is enabled and blocks requests that match the core rule set.

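
The point of DetectionOnly is to read what the rule set would have blocked before you switch a vhost to On. The script below is an added example, not part of the original post or of nine-manage-vhosts: it parses ModSecurity 2.x entries from an Apache error log (the format written by the Ubuntu `libapache2-mod-security2` module, which nine-manage-vhosts drives via Apache's `SecRuleEngine` directive) and summarises, per vhost, which rules fired on which URIs and whether each event was only logged ("Warning.", i.e. DetectionOnly) or actually blocked ("Access denied ...", i.e. On). The log lines, hostnames, client addresses and unique ids are constructed for illustration; the rule ids and messages follow the core rule set's style but should be checked against the rules installed on your server.

```python
"""Review ModSecurity findings before switching a vhost from DetectionOnly to On.

Added example, not part of the original post or of nine-manage-vhosts. It
assumes the Apache ModSecurity 2.x error-log line format; every log line,
hostname, address and id below is constructed for illustration.
"""
import re
from collections import Counter, defaultdict

# Constructed sample log (not captured from a real server). Lines 1-3 are what
# DetectionOnly produces ("Warning."), line 4 is what On produces ("Access
# denied ..."), and line 5 is an ordinary Apache error without ModSecurity.
SAMPLE_LOG = """
[Thu Dec 19 10:12:01.123456 2019] [:error] [pid 4242] [client 203.0.113.10:51234] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'UEk' [file "/usr/share/modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "45"] [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [severity "CRITICAL"] [hostname "shop.example.test"] [uri "/search"] [unique_id "XfsAAQAAAAAAAAAAAAAAAA"]
[Thu Dec 19 10:12:05.654321 2019] [:error] [pid 4242] [client 203.0.113.10:51236] ModSecurity: Warning. detected XSS using libinjection. [file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "55"] [id "941100"] [msg "XSS Attack Detected via libinjection"] [severity "CRITICAL"] [hostname "shop.example.test"] [uri "/comment"] [unique_id "XfsAAgAAAAAAAAAAAAAAAA"]
[Thu Dec 19 10:13:40.000001 2019] [:error] [pid 4243] [client 198.51.100.7:40001] ModSecurity: Warning. Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "80"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [hostname "blog.example.test"] [uri "/wp-login.php"] [unique_id "XfsAAwAAAAAAAAAAAAAAAA"]
[Thu Dec 19 10:15:00.000003 2019] [:error] [pid 4244] [client 192.0.2.55:33000] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [hostname "api.example.test"] [uri "/v1/items"] [unique_id "XfsABAAAAAAAAAAAAAAAAA"]
[Thu Dec 19 10:16:00.000004 2019] [:error] [pid 4244] [client 198.51.100.7:40002] AH01630: client denied by server configuration: /var/www/blog/.git
"""

# ModSecurity appends key/value pairs as [key "value"]; a value may contain
# escaped quotes, hence the (?:[^"\\]|\\.)* body.
FIELD_RE = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')
CLIENT_RE = re.compile(r'\[client ([^\]]+)\]')
# "Warning." means the event was only logged (DetectionOnly, or a rule that
# does not block); "Access denied ..." means the request was really blocked.
ACTION_RE = re.compile(r'ModSecurity: (Warning|Access denied[^.]*)\.')


def parse_line(line):
    """Return a dict describing a ModSecurity event line, or None for any other line."""
    m = ACTION_RE.search(line)
    if m is None:
        return None
    fields = dict(FIELD_RE.findall(line))
    client = CLIENT_RE.search(line)
    return {
        "action": "blocked" if m.group(1).startswith("Access denied") else "detected",
        # strip the source port from "addr:port"
        "client": client.group(1).rsplit(":", 1)[0] if client else "",
        "rule_id": fields.get("id", ""),
        "msg": fields.get("msg", ""),
        "severity": fields.get("severity", ""),
        "hostname": fields.get("hostname", ""),
        "uri": fields.get("uri", ""),
    }


def summarize(log_text):
    """Group events per vhost: detected vs blocked counts, plus which rules, URIs and clients."""
    per_host = defaultdict(lambda: {"detected": 0, "blocked": 0, "rules": Counter(),
                                    "uris": Counter(), "clients": Counter()})
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is None:
            continue
        host = per_host[event["hostname"]]
        host[event["action"]] += 1
        host["rules"][(event["rule_id"], event["msg"])] += 1
        host["uris"][event["uri"]] += 1
        host["clients"][event["client"]] += 1
    return dict(per_host)


def report(summary):
    """Review list per vhost: the rules and URIs to check for false positives before enabling On."""
    lines = []
    for hostname in sorted(summary):
        h = summary[hostname]
        lines.append(f"{hostname}: {h['detected']} detected, {h['blocked']} blocked")
        for (rule_id, msg), n in h["rules"].most_common():
            lines.append(f"  rule {rule_id} x{n}: {msg}")
        for uri, n in h["uris"].most_common():
            lines.append(f"  uri {uri} x{n}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Point this at the vhost's real error log instead of SAMPLE_LOG on a server.
    print(report(summarize(SAMPLE_LOG)))
```

A vhost whose DetectionOnly output is dominated by one rule id on one legitimate URI (a rich-text comment form tripping the XSS rules, for instance) needs a rule exclusion reviewed before the switch to On, whereas hits scattered across login and API paths from a few clients are usually what the rule set is meant to catch.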

How can I use mod_security?

As it is already implemented, you can manage it yourself according to the specific needs of your websites or vhosts. You can also combine mod_security with your existing Let's Encrypt setup.

Would you like to know more? See our support article for the full documentation on mod_security.



Armin

Senior Engineer Managed Services @ nine