What is mod_security and Should I Use It?

Organizations need all the help they can get to protect their systems and online assets. The rate of malicious attacks and requests against web apps has made securing online assets increasingly necessary.

The latest Annual Bad Bot Report shows that automated attack bots generated a quarter of all web traffic in 2019, rising 18.1 percent from the previous year. Humans account for only about 62 percent of all internet traffic.

The report shows that financial services (47.7 percent), education (45.7 percent), IT and services (45.1 percent), marketplace (39.8 percent), and government (37.5 percent) received the most hits.

Most of the bad bots impersonated Chrome browsers to bypass scrutiny. How do you protect your systems from these attacks? Let’s take a look at mod_security and what it does.

What’s Mod_Security?

Mod_security is an open-source web application firewall (WAF) that safeguards websites and web applications against many threats and automated bot attacks.

It establishes an external security layer that protects web-based software, detecting and preventing attacks such as cross-site scripting and code injection before they reach the application.

The module is invaluable for protecting websites running on content management systems (CMS), for example, WordPress or eCommerce applications like Magento.

Though most servers have built-in firewalls, mod_security plays a complementary role to offer complete security to web applications.

How Does Mod_Security Work?

Network firewalls safeguard servers from malicious traffic at the network level but cannot filter malicious requests against web applications because they often mimic legitimate web traffic.

Mod_security works best at handling malicious requests at the application layer. It’s a rule-based web application firewall that works in the background.

The firewall monitors incoming web requests in real-time to identify malicious traffic by comparing the requests to a list of rules. 

It searches for patterns that match attacks such as SQL injections, cross-site scripting, session hijacking, and more, blocking the connections before they reach the application.

The Open Web Application Security Project (OWASP) curates the most popular free ruleset in common use today. The Core Rule Set includes rules that protect web applications against a wide range of threats.

The ruleset can also protect against the OWASP Top Ten—a frequently updated list of the most common threats.

Why You Should Use It

Mod_security helps protect your system against common web-based threats. It works in real-time to filter malicious activities. The module complements your network firewall to keep your application safer.

The module's rule engine helps protect against:

  • Cross-site scripting (XSS)
  • Session hijacking
  • SQL injection
  • Bad user agents
  • Trojans, and others

Wrapping It Up

Mod_security is a toolkit for real-time intrusion detection and prevention. It works in the background, comparing every page request against various rules to filter out seemingly malicious traffic. Users can adapt and extend the rule language to fit their needs. 

This flexibility makes mod_security capable of:

  • Real-time application security monitoring
  • Virtual patching because of its reliable blocking capabilities
  • Full HTTP traffic logging, including raw transactional data
  • Web application hardening by selectively narrowing down the HTTP requests you accept
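
To make the capabilities above concrete, here is a short rule file written in mod_security's rule language. It is an added example, not Scala Hosting's rules or part of the OWASP Core Rule Set; the rule ids, the log path, the `/shop/item.php` path and the `id` parameter are assumptions chosen for illustration.

```apache
# Constructed example: ids, paths and parameter names are assumptions.

# Start in detection-only mode: rules match and log but do not block,
# which lets you tune out false positives. Switch to "On" to enforce.
SecRuleEngine DetectionOnly

# Inspect request bodies so POST parameters are visible to the rules.
SecRequestBodyAccess On

# Audit logging: "RelevantOnly" records transactions that triggered a
# rule; "On" records every transaction (full HTTP traffic logging).
SecAuditEngine RelevantOnly
SecAuditLogParts ABCFHZ
SecAuditLog /var/log/modsec_audit.log

# Hardening: narrow the accepted HTTP methods to the ones the
# application actually uses.
SecRule REQUEST_METHOD "!@within GET HEAD POST" \
    "id:10001,phase:1,t:none,deny,status:405,log,\
    msg:'HTTP method not allowed by local policy'"

# Virtual patch: a hypothetical page /shop/item.php expects a numeric
# "id" parameter. Reject anything else at the WAF until the
# application itself validates its input. The chained rule only runs
# when the first rule matches; a request without "id" is not affected.
SecRule REQUEST_FILENAME "@streq /shop/item.php" \
    "id:10002,phase:2,t:none,deny,status:403,log,\
    msg:'Virtual patch: non-numeric id parameter',chain"
    SecRule ARGS:id "!@rx ^[0-9]{1,10}$" "t:none"
```

Review the audit log for matches on legitimate traffic before changing `SecRuleEngine` to `On`, since a rule that is too strict will block real users.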

Scala Hosting regularly updates its mod_security rules to deal with threats as they arise.

Rado

Author

Working in the web hosting industry for over 13 years, Rado has inevitably got some insight into the industry. A digital marketer by education, Rado is always putting himself in the client's shoes, trying to see what's best for THEM first. A man of the fine detail, you can often find him spending 10+ minutes wondering over a missing comma or slightly skewed design.
