mod_security is an Apache module designed to do what a conventional firewall can't: block application-level attacks.
While a firewall blocks attacks at the packet level, most firewalls leave port 80 open to allow access to the web server behind them. And with conventional firewalls getting very good at their job nowadays, criminals have started to find that it can be very easy to breach your network through this route instead.
This is where mod_security comes to your assistance.
It's able to do quite a lot. For example, it can filter user requests (based on your own rules), both POST and GET, protecting you from potential SQL injection, XSS, root traversal, and other attacks.
Those are already quite powerful, but there is more. It also makes it easy to run Apache chroot-ed, invoke a virus scanner on uploaded files, limit admin access based on IP address, detect intrusions, stop information leaks, and even stop the famous FormMail from sending spam. Your creativity is pretty much the limit with it.
I can't praise this thing enough. If you haven't installed it, I recommend you do, asap.
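A few of the capabilities listed above, written out as an added configuration example (not taken from the original post or from the mod_security project). It assumes the mod_security 1.x directive syntax (ModSecurity 2.x and later use SecRule instead); the patterns are minimal illustrations, and the paths, the IP address and the mail domain are hypothetical placeholders.

```apache
<IfModule mod_security.c>
    # Turn the filtering engine on and inspect POST bodies as well as GET
    SecFilterEngine On
    SecFilterScanPOST On

    # Reject invalid URL encoding before any rule is evaluated
    SecFilterCheckURLEncoding On

    # What happens when a rule matches: log it and answer 403
    SecFilterDefaultAction "deny,log,status:403"

    # Traversal attempts anywhere in the request
    SecFilter "\.\./"

    # Very simple XSS and SQL injection patterns in request arguments
    SecFilterSelective ARGS "<script"
    SecFilterSelective ARGS "delete[[:space:]]+from"
    SecFilterSelective ARGS "union[[:space:]]+select"

    # Run Apache chroot-ed (hypothetical jail path)
    SecChrootDir /chroot/apache

    # Hand each uploaded file to an external checker, for example a
    # wrapper around a virus scanner (hypothetical script path)
    SecUploadDir /tmp
    SecUploadApproveScript /usr/local/bin/upload_verify.pl

    # Keep a record of the requests that matched a rule
    SecAuditEngine RelevantOnly
    SecAuditLog logs/audit_log
</IfModule>

# Allow /admin/ only from one address (192.0.2.10 is a placeholder)
<Location /admin/>
    SecFilterSelective REMOTE_ADDR "!^192\.0\.2\.10$"
</Location>

# Let FormMail send only to recipients at your own domain
# (example.com is a placeholder)
<Location /cgi-bin/FormMail>
    SecFilterSelective ARG_recipient "!@example\.com$"
</Location>
```

Start with `SecFilterDefaultAction "pass,log"` on a production site and review the audit log for false positives before switching to `deny`.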
# Excellent introduction to mod_security
# chroot-ing Apache with mod_security
# ApacheSecurity.net – the website for Ivan's (yet to be released) book, which already contains a few security tools that may be of interest to you
# HOWTO: installing mod_security on Debian stable