I am new to mod_security and I was given a task of httpd and mod_security. I
am using RHEL 5 OS, mod_security-2.5.12-1.el5, httpd-2.2.3-43.el5,
My question is: what are the configuration parameters of mod_security for
php and reverse proxy rules?
From: Christian Bockermann <chris@jw...> - 2010-05-18 18:15:36
On 18.05.2010 at 11:53, James Corteciano wrote:
> I am new to mod_security and I was given a task of httpd and mod_security. I am using RHEL 5 OS, mod_security-2.5.12-1.el5, httpd-2.2.3-43.el5, and php-5.1.6-27.el5.
> My question is: what are the configuration parameters of mod_security for php and reverse proxy rules?
I am not 100% sure what exactly you are trying to achieve. Reverse-proxying and
ModSecurity are, at first glance, two separate topics.
(1) A Reverse proxy will be a separate system in front of your http-server, which
accepts HTTP requests and forwards them to your backend server. Apache does
provide this functionality by the use of mod_proxy, e.g.:

    ProxyPass / http://your-backend-server-ip/
    ProxyPassReverse / http://your-backend-server-ip/

This will forward all requests arriving at your rev-proxy system to the backend
(2) ModSecurity can be used to check incoming HTTP requests against a set of rules
which imply a specific policy (e.g. attack patterns, etc.)
Since it is built into Apache (as a module), you can use it without adding a
separate reverse-proxy system into your setup. It directly integrates with the
Apache that is running your PHP application.
So in a sense there is no intrinsic need for setting up the reverse-proxying if you
"just" want to use ModSecurity to protect a PHP app that is running in your Apache.
When using Apache as a reverse proxy, you can also integrate the ModSecurity module
into that reverse proxy system to check incoming requests before forwarding them to
the backend application system.
As a start you might want to have a look at the documentation at
and check the core-rules ruleset at http://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project
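
The reverse-proxy deployment described in the reply above, as an added configuration sketch that is not part of the original thread: mod_proxy forwards to the backend while ModSecurity 2.5 inspects each request first. The module paths, log paths, rules directory and the local rule (including its id) are placeholder assumptions to adapt to the actual system.

```apache
# Added example, not from the original thread.
# Module and file paths below are placeholders (assumptions).

# ModSecurity 2.x depends on mod_unique_id for transaction IDs.
LoadModule unique_id_module modules/mod_unique_id.so
LoadModule security2_module modules/mod_security2.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so

# Reverse proxy only: keep forward proxying disabled so the
# server cannot be used as an open proxy.
ProxyRequests Off
ProxyPass        / http://your-backend-server-ip/
ProxyPassReverse / http://your-backend-server-ip/

<IfModule security2_module>
    # Start in DetectionOnly: rules log but do not block.
    # Switch to "On" once false positives have been tuned out.
    SecRuleEngine DetectionOnly

    # Inspect POST bodies (needed for PHP form input);
    # leave response inspection off until it is required.
    SecRequestBodyAccess On
    SecResponseBodyAccess Off

    # Default for rules that follow: log and deny with 403
    # (takes effect only when SecRuleEngine is On).
    SecDefaultAction "phase:2,log,auditlog,deny,status:403"

    # Audit only transactions that triggered a rule or an error.
    SecAuditEngine RelevantOnly
    SecAuditLogParts ABIFHZ
    SecAuditLog /path/to/logs/modsec_audit.log

    # Core Rule Set files (placeholder directory).
    Include /path/to/modsecurity-crs/*.conf

    # Constructed local rule: reject methods the backend PHP
    # application is assumed not to need. The id is arbitrary.
    SecRule REQUEST_METHOD "!^(?:GET|HEAD|POST)$" \
        "phase:1,t:none,deny,status:405,id:900001,msg:'Method not allowed by local policy'"
</IfModule>
```

For the embedded deployment (ModSecurity in the same Apache that runs PHP), the same `<IfModule>` block applies without the three Proxy directives.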