Mod Security

ModSecurity is an Apache module that acts as an IDS/IPS embedded within the web server. Since it is a part of the web server itself, ModSecurity is able to analyze encrypted HTTPS traffic, or compressed content, after the web server has decrypted or decompressed it.

The ModSecurity directive, SecServerSignature, can be used to alter the HTTP Server header either to be empty to minimize information leakage or to contain false information to mislead an attacker. For example, an Apache web server containing the mod_security module could be configured with the following directive:

SecServerSignature "Microsoft-IIS/5.0"

It should be noted that this won't necessarily stop an attacker from fingerprinting your web server because default files, error messages, or headers may still reveal that the system is running an Apache web server. This type of information can also be captured by ModSecurity by pattern matching words and sentences that you do not want leaked through the web application or web server.

Was this article helpful?

0 0
The Ultimate Computer Repair Guide

The Ultimate Computer Repair Guide

Read how to maintain and repair any desktop and laptop computer. This Ebook has articles with photos and videos that show detailed step by step pc repair and maintenance procedures. There are many links to online videos that explain how you can build, maintain, speed up, clean, and repair your computer yourself. Put the money that you were going to pay the PC Tech in your own pocket.

Get My Free Ebook


Post a comment