
O'Reilly Broadcast:
Getting Drupal and mod_security to Play Nicely Together on Red Hat 5.x Servers
Nov 05, 2010 @ 14:31:18

One of the ways you can help to secure your web application is to use the Apache module mod_security. It allows you to specify extra rules and settings to help prevent issues that would normally pass on through. Unfortunately, it may not play nicely with all web-based applications. In this new article on the O'Reilly Broadcast, Caitlyn Martin describes some of the steps she took to get mod_security and Drupal to cooperate.

Deploying Drupal on an Apache web server with mod_security or adding mod_security to an Apache server with Drupal running should be as easy as installing the relevant packages. Unfortunately, on Red Hat Enterprise Linux (RHEL) 5.4 and 5.5 servers it just isn't so. This is due to a combination of a bug and an outdated Core Rule Set (CRS) in the current mod_security package in the EPEL (Extra Packages for Enterprise Linux) repository. I've seen lots of posts online where people were struggling with this combination so I decided a how-to article was in order.

She walks you through the install process for mod_security (assuming you already have Apache and Drupal installed), what settings to change, directories and permissions to add and how to replace the old Core Rule Set with a newer version.

tagged: drupal modsecurity apache tutorial coreruleset install


php|architect:
Modsecurity: Why it matters to PHP
Jul 12, 2010 @ 16:42:02

New on the php|architect blog today is a post about a new book from Feisty Duck Publishing on ModSecurity for Apache and how it affects the world of PHP.

ModSecurity is a web application firewall. It can live in and out of the Apache web server environment, one of the most popular web servers around. ModSecurity is infinitely customizable and extremely powerful. The philosophy of ModSecurity can be summed up in a few words. Look, and only modify if I tell you to.

The author of the post (Orlando Medina) thinks that this book is *the* resource for ModSecurity-related information, providing step-by-step information on how to work with the tool both inside and outside of Apache. It shares tips on blocking XSS attacks and brute force attacks, and on protecting your application in general.

tagged: modsecurity firewall apache security bookreview


