ModSecurity Community Console Application Tips

Submitted by jli on Wed, 2010-05-19 23:16

ModSecurity is a open source web application firewall. "With over 70% of all attacks now carried out over the web application level, organisations need every help they can get in making their systems secure. Web application firewalls are deployed to establish an external security layer that increases security, detects, and prevents attacks before they reach web applications."

ModSecurity console is a free tool (with limitation of up to 3 ModSecurity Sensors) to collect and analysis the ModSecurity logs. The main features include:

Self-contained application that comes with an embedded web server and an embedded database.
Collects logs and alerts from any number of remote sensors in real time.
User interface provides support for sensor, alert, and transaction management.
Runs on any platform that supports JDK/JRE 1.4 or better.
Installs in a few minutes.
Automated maintenance options keep the database at a manageable size.
Sensor activity history.
Alerting facilities.
Reporting facilities. Nice and shiny reports in PDF format can be scheduled or produced on-demand. Automatic distribution via email.
Automatic DNS and Geo IP resolution1.

When I put them to work together, it does a nice job for manage the web application firewall logs especially when you are tuning the ModSecurity rules in a production network. It will be very tough to handle the huge amount of alerts without a tool especially if you implement the Core Rule Set from ModSecurity.

One small tip to set the email reporting right is to put the email server ip into hosts file if the email server name is not resovlable from your dns system. If you don't do that, even when you put ip address into the email server field of ModSecurity Console, you will still encounter the following error:

class javax.mail.MessagingException: 501 5.0.0 HELO requires domain address

And it's tricky to find where to download the ModSecurity Console because you can not find a link from both the ModSecurity site and Breach site. But it does exist at this URL: http://www.breach.com/products/ModSecurity-Community-Console.html .

So good luck and happy pretecting your web application.

Thanks for sharing some tips!

Submitted by Anonymous on Tue, 2012-01-03 07:03.

Thanks for sharing some tips! According in some related researchabout ModSecurity does not give you much without a good rule set. However, good rule sets are time consuming to develop and require a lot of testing and tuning.

Hi,

Submitted by Anonymous on Sat, 2011-12-24 01:15.

Finally I found this page that talking about Console Application Tips because I have some problem with my app and I dont know what i'm going to do. read more

Thanks for the tips and

Submitted by Anonymous on Fri, 2011-09-23 08:31.

Thanks for the tips and tricks, I am about test the applications myself and am relying on the fact they are easy to install. I am not sure that I have the right system requirements though. Is there any way to verify that? I've already set a clean registry software to help my system have an optimum functionality.

Security - We will get there