September 28, 2006

modsecurity & Web Application Firewalls

Browsing the security news the other day I noticed that Thinking Stone, the commercial company behind the otherwise open source web application firewall modsecurity, has been acquired by Breach Security.

If I got it right, this guy (Ivan Ristic) has created just about the perfect answer to the "how do I defend my web servers" problem. modsecurity is an "intrusion detection and prevention" system for web apps that can easily be deployed (with its own Apache server).

He also has a great answer to yet another problem: how do I check what's going on in an SSL tunnel? Given that modsecurity deploys on Apache, the external clients' SSL sessions terminate on the modsecurity box, where the decrypted traffic can be inspected. Very neat.

I think the only objection one could throw in front of modsecurity is the inevitable "does it scale?". It looks like it has a nice GUI and the web site shows some good reports. Seems like if you deploy this and run into a performance barrier you would need to add additional modsecurity servers, scaling them like additional web servers. It would be interesting to figure out whether the management and reporting scale too.
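To make the deployment described above concrete (SSL terminating on the modsecurity box, with more boxes added in front of the same back end when one runs out of steam), here is an Apache reverse-proxy configuration. It is an added example, not configuration from the original post or from the ModSecurity project; the hostname, back-end address, certificate paths and rule are placeholders, and the rule syntax assumes ModSecurity 2.x.

```apache
# Constructed example: a dedicated WAF host running Apache + ModSecurity.
# The client's TLS session ends here, so ModSecurity sees plaintext
# requests and responses before they reach the real web server.
LoadModule ssl_module        modules/mod_ssl.so
LoadModule proxy_module      modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule unique_id_module  modules/mod_unique_id.so   # required by mod_security2
LoadModule security2_module  modules/mod_security2.so

Listen 443
<VirtualHost *:443>
    ServerName www.example.com          # placeholder

    # 1. TLS terminates on the WAF box (certificate paths are placeholders).
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/www.example.com.crt
    SSLCertificateKeyFile /etc/ssl/private/www.example.com.key

    # 2. Inspect the decrypted traffic. Start with "DetectionOnly" to see
    #    what would be blocked, then switch to "On" once the rules are tuned.
    SecRuleEngine On
    SecRequestBodyAccess On
    SecAuditEngine RelevantOnly
    SecAuditLog /var/log/apache2/modsec_audit.log

    # Illustrative rule: deny and log requests whose URI contains a
    # directory-traversal sequence. Real deployments use a maintained rule set.
    SecRule REQUEST_URI "@contains ../" \
        "id:1001,phase:1,deny,status:403,log,msg:'Path traversal attempt'"

    # 3. Forward the vetted request to the back-end web server over plain
    #    HTTP. The WAF-to-back-end hop is therefore unencrypted and must stay
    #    on a trusted network. ProxyRequests Off prevents the WAF from acting
    #    as an open forward proxy. Several WAF hosts can proxy to the same
    #    back end, which is the horizontal scaling the post asks about.
    ProxyRequests Off
    ProxyPreserveHost On
    ProxyPass        / http://10.0.0.10:80/
    ProxyPassReverse / http://10.0.0.10:80/
</VirtualHost>
```

Note that the audit log in step 2 is per host, so with several WAF boxes the logs have to be shipped to a central place for the reporting to stay useful.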