About ModSecurity Collections and Limitting Requests | Search for a title, author or keyword | ||||||||
About ModSecurity Collections and Limitting Requests Playing around with Persistent Collections and Throttling Requests. By Christian Bockermann on July 19, 2009. ModSecurity™is an open source, free web application firewall ( WAF ) Apache module. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring and real-time analysis with little or no changes to existing infrastructure. Most attacks are now carried out via POST requests, rendering your systems blind. ModSecurity makes full HTTP transaction logging possible, allowing complete requests and responses to be logged. In addition to providing logging facilities, ModSecurity can monitor the HTTP traffic in real time in order to detect attacks. In this case, ModSecurity operates as a web intrusion detection tool, allowing you to react to suspicious events that take place at your web systems. Everybody writing ModSecurity is using collections. The collections are similar to named arrays or hashes. Thus, it is possible to store a value in such a collection by associating that value with a specific key. A big advantage when working with collections is, that they can be made persistent by ModSecurity. This allows for maintaining information within variable over several requests. A collection could for instance be maintained similar to a session context by connecting it to a clients cookies. A problem raised on the ModSecurity mailing list was concerned with limitting the number of requests for a specific client IP within a fixed time window. And this is the topic of this article.
|
|||||||||
About ModSecurity Collections and Limitting Requests | Disclaimer: this link points to content provided by other sites. |