Skip to main content
SpringerLink
Log in
Book cover

Cyber Operations pp 411–455Cite as

Apress

Apache and ModSecurity

  • Chapter
  • First Online:

  • 1923 Accesses

Abstract

Apache is arguably the most significant web server, indeed the May 2015 Netcraft survey reports that Apache runs 49% of the top million busiest sites, with Nginx reporting 22% and Microsoft 12%.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   44.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Notes

  1. 1.

    Older versions use /etc/apache2; newer versions leave the value unset.

  2. 2.

    Ubuntu 10.10, 11.04 and later versions, as well as Mint 10, 11 and later versions include a symlink from /usr/sbin/apachectl to /usr/sbin/apache2ctl, so either name can be used.

  3. 3.

    If you think this approach is silly and that it would be simpler to add a LoadModule statement to httpd.conf, then consider the fact that /etc/sysconfig/apache2 states, “It might look silly to not simply edit httpd.conf for the LoadModule statements...”

  4. 4.

    The word “referer” is, in fact, misspelled. It was misspelled in the original 1996 RFC for HTTP/1.0, RFC 1945, available at http://tools.ietf.org/html/rfc1945 , and the new spelling has stuck. It is still in use in the June 2014 RFC 7231 ( http://tools.ietf.org/html/rfc7231 ), which notes that referer has been misspelled.

  5. 5.

    Do not include spaces in the name, as the Include directive from /etc/apache2/apache2.conf may not correctly include the result. In some versions (e.g., Ubuntu 13.10) only files that end in .conf are included.

  6. 6.

    https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project .

  7. 7.

    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670248 .

  8. 8.

    Be sure to use a current version of ModSecurity and a current rule set for any system in production!

  9. 9.

    See http://lists.owasp.org/pipermail/owasp-modsecurity-core-rule-set/2012-February/001005.html .

  10. 10.

    See http://sourceforge.net/p/mod-security/mailman/mod-security-users/?viewmonth=201209.

Author information

Authors and Affiliations

  1. Department of Mathematics, Towson University, Towson, MD, US

    Mike O’Leary

Authors
  1. Mike O’Leary
    View author publications

    You can also search for this author in PubMed Google Scholar

Rights and permissions

Reprints and permissions

Copyright information

© 2015 Mike O'Leary

About this chapter

Cite this chapter

O’Leary, M. (2015). Apache and ModSecurity. In: Cyber Operations. Apress, Berkeley, CA. https://doi.org/10.1007/978-1-4842-0457-3_11

Download citation

Publish with us

Policies and ethics

Search

Navigation