Home > Information Security Magazine > Features > Brick By Brick
EMAIL THIS
Information Security Magazine

  CURRENT ISSUE  
  FEATURES  
  COLUMNS  
  HOT PICK & PRODUCT REVIEWS  
  ARCHIVES  
  SUBSCRIBE/RENEW  
  

Brick By Brick
by Shawn Moyer
Issue: Sep 2006
printer-friendly
< PREV PAGE   |   1  |   2  |   3  |   4  |   NEXT PAGE  >

Breaking Ground
Of all the commercial and open-source HTTP proxies available, the Apache Web server stands out with its ability to parse and rewrite content. Apache includes a fast and stable built-in HTTP proxy as part of its core distribution, and its modular design allows you to tune it extensively, so you can deploy it in a proxy-only configuration. You can leverage its content-awareness to build a filtering and rewriting HTTP proxy.

Starting with version 2.0, Apache includes the PCRE (Perl Compatible Regular Expressions) library as a built-in pattern-matching engine, which substantially improves the performance of regular expressions. It also allows for the ordering of multiple parsing and rewriting operations, based on the type of content.

These features, combined with the third-party and built-in modules discussed later, provide a powerful toolkit for protecting Web applications.

Construction Platform
Mod_security (www.modsecurity.org) is at the heart of your firewall's Web intrusion prevention capabilities. It began as a sim...



ple pattern-based filtering engine to block network worm traffic, but has matured into a full-blown Web security suite.

Mod_security signatures use a regular expression-based filtering language that will be familiar to users of Snort, and can be automatically updated via the mod_security site, much like typical IDS signatures. These include filters against cross-site scripting and SQL statements in URLs, and traffic that contains shell commands and path or user ID information.

Free, frequently updated signatures for mod_security are available for download at www.gotroot.com.

Mod_security also normalizes and sanitizes Uni- code traffic to protect against URL-encoding attacks.

Mod_security's pattern matching can also be used to prevent error message leakages that might give an attacker useful information. Any messages that might disclose Web server configurations can be filtered and redirected to a generic error message. You can also use mod_security to enforce what file types can be requested from the environment, such as .php, .asp, .jsp, and .html files.

< PREV PAGE   |   1  |   2  |   3  |   4  |   NEXT PAGE  >





TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts