Flexible Content Management System


Hardening The Security of Your Website

Contributed by Thanks for the info on Apr 28, 2004 - 01:41 AM

The basic operation of ModSecurity is to sit in between the person requesting the webpage, and the webserver itself. There it analyses all requests coming to the webserver and checks them against a set of definable rules.

If the request passes all these checks then the page is served to the end user. If there is a match then ModSecurity can take a number of actions, including doing nothing, logging the request, or simply denying the request with an error message.

I highly recommended ModSecurity as a tool against hackers, it says it has a slight performance hit but in my testing it wasn't noticable at all. Obviously ModSecurity is only for those people who have root access to the server where their site is hosted, as it's a plugin module for Apache.

It's really a layer 7 firewall for your webserver and it does an excellent job. I've had a number of people try to exploit a website I run with a PostNuke hack (now fixed by the recent patch), it was stopped by ModSecurity though because the exploit when it connects to your site doesn't send a browser version and I had ModSecurity configured to deny all attempts to connect if no browser version was present.

Setting it up is quite easy, there's a few basic filters that come with it out of the box but you'll want to modify those and add new ones as you see fit.

I won't go into anymore detail here, if you're interested then please take a look at the ModSecurity website, it has everything you need to get ModSecurity setup and working to your needs.

Finally, another tool for those of us using Linux to serve up their PostNuke sites is a kernel patch called grsecurity. I won't go into all of it's features but it really is a brilliant piece of code. Should your webserver get hacked, grsecurity properly configured would make it very hard for the hacker to get themselves a rootshell or install any backdoors. If you understand how to compile your own Linux kernel you should really look at this patch, I use it on all my production servers.

I hope this short article will help some of you with the security of your PostNuke sites.