Abstract
Apache is arguably the most significant web server, indeed the May 2015 Netcraft survey reports that Apache runs 49% of the top million busiest sites, with Nginx reporting 22% and Microsoft 12%.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsNotes
- 1.
Older versions use /etc/apache2; newer versions leave the value unset.
- 2.
Ubuntu 10.10, 11.04 and later versions, as well as Mint 10, 11 and later versions include a symlink from /usr/sbin/apachectl to /usr/sbin/apache2ctl, so either name can be used.
- 3.
If you think this approach is silly and that it would be simpler to add a LoadModule statement to httpd.conf, then consider the fact that /etc/sysconfig/apache2 states, “It might look silly to not simply edit httpd.conf for the LoadModule statements...”
- 4.
The word “referer” is, in fact, misspelled. It was misspelled in the original 1996 RFC for HTTP/1.0, RFC 1945, available at http://tools.ietf.org/html/rfc1945 , and the new spelling has stuck. It is still in use in the June 2014 RFC 7231 ( http://tools.ietf.org/html/rfc7231 ), which notes that referer has been misspelled.
- 5.
Do not include spaces in the name, as the Include directive from /etc/apache2/apache2.conf may not correctly include the result. In some versions (e.g., Ubuntu 13.10) only files that end in .conf are included.
- 6.
- 7.
- 8.
Be sure to use a current version of ModSecurity and a current rule set for any system in production!
- 9.
- 10.
See http://sourceforge.net/p/mod-security/mailman/mod-security-users/?viewmonth=201209.
Author information
Authors and Affiliations
Rights and permissions
Copyright information
© 2015 Mike O'Leary
About this chapter
Cite this chapter
O’Leary, M. (2015). Apache and ModSecurity. In: Cyber Operations. Apress, Berkeley, CA. https://doi.org/10.1007/978-1-4842-0457-3_11
Download citation
DOI: https://doi.org/10.1007/978-1-4842-0457-3_11
Published:
Publisher Name: Apress, Berkeley, CA
Print ISBN: 978-1-4842-0458-0
Online ISBN: 978-1-4842-0457-3
eBook Packages: Professional and Applied ComputingApress Access BooksProfessional and Applied Computing (R0)