logo资料库

modsecurity-handbook-getting-started-2ed.pdf

发布时间:2022-06-06 发布人:admin 分类:说明书 资料大小:3.58M 资料格式:pdf 举报 版权申诉
第1页 / 共83页
第2页 / 共83页
第3页 / 共83页
第4页 / 共83页
第5页 / 共83页
第6页 / 共83页
第7页 / 共83页
第8页 / 共83页
资料共83页,剩余部分请下载后查看
    ModSecurity Handbook
    Table of Contents
    Preface to the Free Edition
    Preface to the Second Edition
    Preface to the First Edition
    Scope and Audience
    Contents
    Updates
    Feedback
    About the Author
    About the Technical Reviewer
    Acknowledgments
    Part I: User Guide
    Chapter 1: Introduction
    Brief History of ModSecurity
    What Can ModSecurity Do?
    Guiding Principles
    Deployment Options
    Getting Started
    Hybrid Nature of ModSecurity
    Main Areas of Functionality
    What Rules Look Like
    Transaction Lifecycle
    Lifecycle Example
    File Upload Example
    Impact on Web Server
    What’s Next?
    Resources
    General Resources
    Developer Resources
    AuditConsole
    Summary
    Chapter 2: Installation
    Installation from Source
    Downloading Releases
    Downloading from Repository
    Installation on Unix
    Compile-Time Options
    Custom-Compiled Apache Installations
    Installation from Binaries
    Fedora Core, CentOS, and Red Hat Enterprise Linux
    Debian and Ubuntu
    Installation on Windows
    Summary
    Chapter 3: Configuration
    Folder Locations
    Configuration Layout
    Adding ModSecurity to Apache
    Powering Up
    Request Body Handling
    Response Body Handling
    Filesystem Locations
    File Uploads
    Debug Log
    Audit Log
    Default Rule Match Policy
    Handling Processing Errors
    Verifying Installation
    Summary
    Chapter 4: Logging
    Debug Log
    Debugging in Production
    Audit Log
    Native Format Audit Log Entry Example
    JSON Format Audit Log
    Concurrent Audit Log
    Remote Logging
    Configuring Remote Logging
    Activating Remote Logging
    Troubleshooting Remote Logging
    File Upload Interception
    Storing Files
    Inspecting Files
    Integrating with ClamAV
    Advanced Logging Configuration
    Increasing Logging from a Rule
    Dynamically Altering Logging Configuration
    Removing Sensitive Data from Audit Logs
    Selective Audit Logging
    Summary
    Index
    SECOND EDITION MODSECURITY HANDBOOK The Complete Guide to the Popular Open Source Web Application Firewall Free edition: Getting Started Christian Folini Ivan Ristić Last update: Mon May 07 15:46:04 BST 2018 (build 10)
    Everything you need to know about ModSecurity, in one place SECOND EDITION MODSECURITY HANDBOOK The Complete Guide to the Popular Open Source Web Application Firewall Christian Folini Ivan Ristić To purchase the full book, go to: https://www.feistyduck.com FINE TECHNOLOGY BOOKS
    ModSecurity Handbook Christian Folini, Ivan Ristić
    ModSecurity Handbook: Getting Started by Christian Folini, Ivan Ristić Copyright © 2017 Feisty Duck Limited. All rights reserved. ISBN: 978-1-90711708-4 Published in July 2017 (build 10). First edition published in March 2010. Feisty Duck Limited www.feistyduck.com contact@feistyduck.com Address: 6 Acantha Court Montpelier Road London W5 2QP United Kingdom Production editor: Jelena Girić-Ristić Copyeditor: Melinda Rankin Cover design: Peter Jovanović Cover illustration: Maja Veselinović All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, without the prior permission in writing of the publisher. The author and publisher have taken care in preparation of this book, but make no expressed or implied warranty of any kind and assume no responsibility for errors or omissions. No liability is assumed for incidental or consequential damages in connection with or arising out of the use of the information or programs contained herein. ModSecurity is a registered trademark of Trustwave Holdings, Inc. All other trademarks and copyrights are the property of their respective owners. Licensed for the exclusive use of: clay tang Feisty Duck DigitalBook Distributionwww.feistyduck.com
    Table of Contents I. User Guide 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Scope and Audience Contents Updates Feedback About the Author About the Technical Reviewer Acknowledgments Preface to the Free Edition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vii Preface to the Second Edition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ix Preface to the First Edition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi xi xii xv xv xv xvi xvi 1 3 3 5 7 7 8 8 9 10 11 16 17 18 18 19 19 19 2. Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 Hybrid Nature of ModSecurity Main Areas of Functionality What Rules Look Like Transaction Lifecycle Impact on Web Server What’s Next? Brief History of ModSecurity What Can ModSecurity Do? Guiding Principles Deployment Options Getting Started Resources Summary General Resources Developer Resources AuditConsole iii
    Installation from Source Installation on Windows Summary Fedora Core, CentOS, and Red Hat Enterprise Linux Debian and Ubuntu Downloading Releases Downloading from Repository Installation on Unix Installation from Binaries Folder Locations Configuration Layout Adding ModSecurity to Apache Powering Up Request Body Handling Response Body Handling Filesystem Locations File Uploads Debug Log Audit Log Default Rule Match Policy Handling Processing Errors Verifying Installation Summary 22 22 23 24 27 27 28 28 29 3. Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 32 34 35 36 36 37 39 39 40 41 42 42 44 45 47 47 48 49 51 53 53 54 55 57 59 60 60 61 62 Native Format Audit Log Entry Example JSON Format Audit Log Concurrent Audit Log File Upload Interception Storing Files Inspecting Files Integrating with ClamAV 4. Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Debug Log Audit Log Debugging in Production Remote Logging Configuring Remote Logging Activating Remote Logging Troubleshooting Remote Logging iv
    64 65 65 65 67 67 Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69 Increasing Logging from a Rule Dynamically Altering Logging Configuration Removing Sensitive Data from Audit Logs Selective Audit Logging Advanced Logging Configuration Summary v
    Preface to the Free Edition Welcome to ModSecurity Handbook: Getting Started. This is a special free version that consists of the first four chapters of the full book. Since ModSecurity Handbook went into print, we re- alized that there were many new users of ModSecurity who were not yet interested in master- ing this tool (and wouldn’t consider buying a book) but who could benefit from having access to better documentation. This version offers exactly that, with an introduction to ModSecuri- ty in Chapter 1, and coverage of installation and configuration in Chapters 2, 3, and 4. Enjoy! vii
    分享到:
    收藏

    相关推荐

    资料库

    安全技术

    共收录1285份资料,累计4个分类,关注成员有19位,主要包括:网络攻防,系统安全,其它,网络安全

    热门标签

    网络攻防 系统安全 其它 网络安全

    最新资料