Having said that I have no experience using ModSecurity, I'd like to share the following review:
ModSecurity is an open source web application firewall (WAF) engine for Apache that is developed by Trustwave's SpiderLabs. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. With over 10,000 deployments world-wide, ModSecurity is the most widely deployed WAF in existence.
It operates embedded into the web server, acting as a powerful umbrella – shielding applications from attacks. ModSecurity supports both branches of the Apache web server.
The module filters, and optionally rejects, incoming requests based on a number of different criteria like CGI variables, HTTP headers, environment variables, and even individual script parameters. mod_security can also create an audit log, storing full request details in a separate file, including POST payloads (the audit feature can be turned on or off on a per-server or per-directory basis).
Advantages
The advantage of mod_security is “security”.
- No network side configuration
- Easy management.
- Free as in Beer
- HTTP intrusion detection and prevention
Disadvantages
- You have to become a security expert
- You have to become a protocol expert.
- The configuration must be done manually.
- Performance degradation
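
The filtering criteria and the per-directory audit logging described in the review can be sketched as follows. This is an added example, not part of the original review; it assumes ModSecurity 2.x directive syntax on Apache, and the file paths, rule ids and the `username` parameter are constructed for illustration.

```apache
# Added example (ModSecurity 2.x syntax assumed). Paths, rule ids and the
# "username" parameter are constructed, not taken from the review.
<IfModule security2_module>
    # Server-wide: inspect requests and enforce the rules below.
    SecRuleEngine On
    # Required so phase 2 rules and the audit log can see POST payloads.
    SecRequestBodyAccess On

    # Audit logging is off by default for the whole server ...
    SecAuditEngine Off
    SecAuditLogType Serial
    SecAuditLog /var/log/apache2/modsec_audit.log
    # A = audit header, B = request headers, C = request body (POST payload),
    # F = response headers, H = audit trailer, Z = end of entry.
    SecAuditLogParts ABCFHZ

    # Criterion: HTTP header (phase 1 runs once request headers are read).
    SecRule &REQUEST_HEADERS:Host "@eq 0" \
        "id:100001,phase:1,deny,status:400,log,msg:'Request without Host header'"

    # Criterion: CGI-style variable, here the request method.
    SecRule REQUEST_METHOD "!@rx ^(?:GET|HEAD|POST)$" \
        "id:100002,phase:1,deny,status:405,log,msg:'Method not allowed'"

    # Criterion: one individual script parameter (phase 2 runs after the
    # request body has been parsed, so POST fields are covered too).
    SecRule ARGS:username "!@rx ^[A-Za-z0-9_.-]{1,32}$" \
        "id:100003,phase:2,deny,status:403,log,msg:'Unexpected characters in username'"
</IfModule>

<Directory "/var/www/app/admin">
    # ... and switched on for this directory only. RelevantOnly records
    # transactions that triggered a rule or match the status pattern below.
    SecAuditEngine RelevantOnly
    SecAuditLogRelevantStatus "^(?:5|4(?!04))"
</Directory>
```

Setting `SecRuleEngine DetectionOnly` first logs what the rules would block without rejecting requests, which helps measure false positives before enforcing.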