Abstract
Apache is arguably the most significant web server; the September 2018 Netcraft survey reports that Apache runs 34% of the top million busiest sites, with Nginx reporting 25% and Microsoft 10%.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
- 2.
If you think this approach is silly and that it would be simpler to add a LoadModule statement to httpd.conf, then consider the fact that /etc/sysconfig/apache2 states, “It might look silly to not simply edit httpd.conf for the LoadModule statements…”
- 3.
The precise collection of modules loaded depends on the version of OpenSuSE. Shown is the list from OpenSuSE 42.1.
- 4.
The advantage of a2enmod and a2dismod over direct manipulation of symlinks is that the commands also consider any dependencies the module may have.
- 5.
The word “referer” is, in fact, misspelled. It was misspelled in the original 1996 RFC for HTTP/1.0, RFC 1945, available at http://tools.ietf.org/html/rfc1945 and the new spelling has stuck. It is still in use in the June 2014 RFC 7231 ( http://tools.ietf.org/html/rfc7231 ), which notes that referer has been misspelled.
- 6.
- 7.
- 8.
- 9.
This list is taken directly from the Apache 2.4 documentation at https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslciphersuite . Apache 2.2 is similar.
- 10.
- 11.
On Apache 2.2, an additional NameVirtualHost directive is also required.
- 12.
The headers for an HTTP/1.1 request can be found in RFC 2616, which can be found at https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html
- 13.
- 14.
- 15.
https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual . This manual covers both ModSecurity 2.x and ModSecurity 3.x. Since ModSecurity 3.0 was released in December 2017, this book only covers ModSecurity 2.x.
- 16.
- 17.
Installing modsecurity-crs may also include the extra package libapache2-modsecurity, but this is a dummy transitional package.
Author information
Authors and Affiliations
Rights and permissions
Copyright information
© 2019 Mike O'Leary
About this chapter
Cite this chapter
O’Leary, M. (2019). Apache and ModSecurity. In: Cyber Operations. Apress, Berkeley, CA. https://doi.org/10.1007/978-1-4842-4294-0_14
Download citation
DOI: https://doi.org/10.1007/978-1-4842-4294-0_14
Published:
Publisher Name: Apress, Berkeley, CA
Print ISBN: 978-1-4842-4293-3
Online ISBN: 978-1-4842-4294-0
eBook Packages: Professional and Applied ComputingProfessional and Applied Computing (R0)Apress Access Books