ModSecurity Community Console Application Tips

ModSecurity is an open source web application firewall. "With over 70% of all attacks now carried out over the web application level, organisations need every help they can get in making their systems secure. Web application firewalls are deployed to establish an external security layer that increases security, detects, and prevents attacks before they reach web applications."

ModSecurity Console is a free tool (limited to up to 3 ModSecurity sensors) for collecting and analyzing ModSecurity logs. The main features include:

  1. Self-contained application that comes with an embedded web server and an embedded database.
  2. Collects logs and alerts from any number of remote sensors in real time.
  3. User interface provides support for sensor, alert, and transaction management.
  4. Runs on any platform that supports JDK/JRE 1.4 or better.
  5. Installs in a few minutes.
  6. Automated maintenance options keep the database at a manageable size.
  7. Sensor activity history.
  8. Alerting facilities.
  9. Reporting facilities. Nice and shiny reports in PDF format can be scheduled or produced on-demand. Automatic distribution via email.
  10. Automatic DNS and Geo IP resolution.

When I put them to work together, they do a nice job of managing the web application firewall logs, especially when you are tuning the ModSecurity rules in a production network. It will be very tough to handle the huge number of alerts without a tool, especially if you implement the Core Rule Set from ModSecurity.

One small tip for getting email reporting right: put the email server's IP address into the hosts file if the email server name is not resolvable from your DNS system. If you don't do that, then even when you put the IP address into the email server field of ModSecurity Console, you will still encounter the following error:

class javax.mail.MessagingException: 501 5.0.0 HELO requires domain address

It's also tricky to find where to download the ModSecurity Console, because you cannot find a link on either the ModSecurity site or the Breach site. But it does exist at this URL: http://www.breach.com/products/ModSecurity-Community-Console.html .

So good luck and happy protecting your web application.
