Using mod_security to block PHP injection attacks


mod_security is an essential tool for securing any apache-based hosting environment.  The Pathfinder High Performance Infrastructure blog has posted a good starter piece on using mod_security to block email injections.

One of the more common problems with PHP-based applications is that they can allow the injection of malicious content, such as SQL or email spam. In some cases we find that over 95% of a client’s ISP traffic is coming from spam injection. The solution? Grab an industrial size helping of Apache mod_security.

BTW, Ivan Ristic’s (the developer of mod_security) Web Security Blog is well worth a spot in your blogroll.

(Edit: fixed title.  Duh.)


Posted by Anonymous
on Monday, May 22, 2006 at 02:57 PM

The title of this article should be changed…. mod_apache?

Posted by Ed Finkler
on Tuesday, May 23, 2006 at 04:16 AM


Leave a comment

Commenting is not available in this section entry.