ModSecurity is a free, open source web application firewall (WAF) implemented as an Apache module. With over 70% of all attacks now carried out over the web application level, organizations need all the help they can get in making their systems secure. WAFs are deployed to establish an external security layer that increases security and detects and prevents attacks before they reach web applications. ModSecurity provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring and real-time analysis with little or no changes to existing infrastructure.
Mod_security is part of the Apache web server package, and no general web host is going to change that for you specifically. Because it is part of the server software, you cannot change it yourself. If you have access to .htaccess (most web hosts do not allow this either), you can change the behavior of the mod_security module.
In other words, it is an Apache module which adds an extra layer of security by analyzing client requests before they are processed by Apache and, furthermore, by analyzing server responses after a request has been processed.
ModSecurity is an open source intrusion detection and prevention engine for web applications. It can also be called a web application firewall. It operates embedded into the web server, acting as a powerful umbrella, shielding applications from attacks.
The analysis of the client request and the server response is performed in stages:
1. In the first stage, the request’s format is analyzed by a series of built-in checks (implicit validations). These checks can be controlled using configuration directives.
2. In the second stage, the request goes through a series of user-defined input-filters. Whenever there is a match, a list of user-defined actions is performed.
3. The request is processed by Apache.
4. If output filtering is enabled, then the output goes through a series of user-defined output-filters. If there is a match, then the specified actions are performed.
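The four stages above, mapped onto a server configuration. This is an added example, not taken from the original page or from the ModSecurity project; it assumes the ModSecurity 1.x directive syntax (the `SecFilter*` family, which matches the input-filter and output-filter terminology used here), and the patterns, byte range, status codes and log path are constructed sample values.

```apache
# Added example: assumes ModSecurity 1.x (module file mod_security.c).
# Patterns, status codes and the log path are constructed sample values.
<IfModule mod_security.c>
    # Enable the filtering engine for every request.
    SecFilterEngine On

    # Stage 1: built-in (implicit) validations of the request format,
    # each controlled by its own configuration directive.
    SecFilterCheckURLEncoding On        # reject invalid %XX encodings
    SecFilterCheckUnicodeEncoding Off   # enable only for UTF-8 applications
    SecFilterForceByteRange 32 126      # allowed byte values; tune per application

    # Action list used when a matching filter does not name its own actions.
    SecFilterDefaultAction "deny,log,status:403"

    # Stage 2: user-defined input filters.
    SecFilterScanPOST On                # include the POST payload in the scan
    # Applied to the whole request: directory traversal sequence.
    SecFilter "\.\./"
    # Applied only to the named location: request arguments.
    SecFilterSelective ARGS "<script"

    # Stage 3: Apache processes the request. Nothing to configure here.

    # Stage 4: output filters, which run only when output scanning is enabled.
    SecFilterScanOutput On
    SecFilterOutputMimeTypes "(null) text/html text/plain"
    # Stop application error messages from reaching the client.
    SecFilterSelective OUTPUT "Fatal error:" "deny,status:500"

    # Keep a record of the transactions that matched a filter.
    SecAuditEngine RelevantOnly
    SecAuditLog logs/modsec_audit.log
</IfModule>
```

Running `apachectl configtest` after editing confirms that the installed module accepts these directives before the server is reloaded.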